3 matches found
CVE-2023-5243 Login screen manager <= 3.5.2 - Admin+ Stored XSS
The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5243
CVE-2023-5243 affects the Login Screen Manager WordPress plugin (versions up to 3.5.2). The root cause is improper sanitization/escapement of certain settings, enabling Stored XSS by high-privilege users (e.g., Admin) even with unfiltered_html disallowed. Documented impact includes stored XSS on ...
WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)
Software Login Screen Manager Type Plugin Vulnerable versions = 3.5.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5243 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7d813a002456 Credits Nano Required privile...