4 matches found
CVE-2023-4757
CVE-2023-4757 affects the WordPress plugin “Staff / Employee Business Directory for Active Directory” (LDAP/AD directory plugin) prior to version 1.2.3. The root cause is improper escaping of data returned from the LDAP server, allowing LDAP-controlled entries to inject malicious JavaScript when ...
CVE-2023-4757 Staff / Employee Business Directory for Active Directory < 1.2.3 - Improper escaping of LDAP entries
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...
CVE-2023-4757 Staff / Employee Business Directory for Active Directory < 1.2.3 - Improper escaping of LDAP entries
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could...
WordPress Staff / Employee Business Directory for Active Directory Plugin < 1.2.3 is vulnerable to Broken Access Control
Software Staff / Employee Business Directory for Active Directory Type Plugin Vulnerable versions 1.2.3 Fixed in 1.2.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-4757 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 41d386a4513c...