2 matches found
WordPress BSK PDF Manager Plugin <= 3.4.1 is vulnerable to Cross Site Scripting (XSS)
Software BSK PDF Manager Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5110 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7c2ee2111335 Credits Lana Codes Required...
CVE-2023-5110
CVE-2023-5110 affects the BSK PDF Manager plugin for WordPress. The vulnerability is a stored XSS via the shortcode parameter bsk-pdfm-category-dropdown, caused by insufficient input sanitization and output escaping for user-supplied attributes in versions up to 3.4.1. Exploitation requires attac...