5 matches found
WordPress KiviCare 3.2.0 Cross Site Scripting Vulnerability
Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/kivicare-clinic-management-system/ Vendor Homepage: https://kivicare.io/ Version: 3.2.0 Tested on: Windows, Linux CVE: CVE-2023-2624 Product Description...
WordPress KiviCare 3.2.0 Cross Site Scripting
Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting Date: 03-10-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/kivicare-clinic-management-system/ Vendor Homepage: https://kivicare.io/ Version: 3.2.0 Tested on: Windows, Linux CVE: CVE-2023-2624...
CVE-2023-2624
The CVE-2023-2624 weakness affects the KiviCare WordPress plugin prior to 3.2.1. The vulnerability is a Reflected Cross-Site Scripting caused by not sanitising/escaping inputs (notably the filterType parameter in get_weekly_appointment), allowing injection of scripts in the context of an authenti...
CVE-2023-2624 KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting
The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator...
WordPress KiviCare Plugin < 3.2.1 is vulnerable to Cross Site Scripting (XSS)
Software KiviCare Type Plugin Vulnerable versions 3.2.1 Fixed in 3.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2624 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 80bebdf9e719 Credits Arvandy Required privilege...