4 matches found
CVE-2023-2743
The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2743 WP ERP < 1.12.4 - Reflected Cross-Site Scripting
The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2743 WP ERP < 1.12.4 - Reflected Cross-Site Scripting
The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2743
CVE-2023-2743 affects the WordPress WP ERP plugin prior to version 1.12.4. The vulnerability is a Reflected Cross-Site Scripting caused by failing to sanitize/escape the employee_name parameter before echoing it on the page, potentially impacting high-privilege users (e.g., admins). Exploitation ...