6 matches found
WordPress Scalable Vector Graphics (SVG) Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)
Software Scalable Vector Graphics SVG Type Plugin Vulnerable versions = 3.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7085 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 893df7114366 Credits Bob Matyas...
CVE-2023-7085
The Scalable Vector Graphics SVG WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-7085
The Scalable Vector Graphics SVG WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-7085
CVE-2023-7085 affects the SVG WordPress plugin up to version 3.4, where uploaded SVG files are not sanitized, enabling stored XSS via SVGs submitted by users with Author+ privileges. Root cause: lack of sanitization in SVG upload handling. Impact per sources: XSS payloads could be processed in th...
CVE-2023-7085 Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG
The Scalable Vector Graphics SVG WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-7085 Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG
The Scalable Vector Graphics SVG WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...