6 matches found
System Dashboard < 2.8.10 - Cross-Site Scripting
The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks through header injection, specifically in the X-Forwarded-For header. id: CVE-2023-7246...
CVE-2023-7246
creationtimestamp| type| source ---|---|--- 2024-08-16 22:05:07+00:00| seen| https://t.me/cvedetector/3364 2025-04-04 14:05:31+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-7246.yaml...
WordPress System Dashboard Plugin < 2.8.10 is vulnerable to Cross Site Scripting (XSS)
Software System Dashboard Type Plugin Vulnerable versions 2.8.10 Fixed in 2.8.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7246 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59b19780b836 Credits Dmitrii Ignatyev Requir...
CVE-2023-7246 System Dashboard < 2.8.10 - XSS via Header Injection
The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks...
CVE-2023-7246 System Dashboard < 2.8.10 - XSS via Header Injection
The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks...
CVE-2023-7246
CVE-2023-7246 is tied to the WordPress plugin System Dashboard prior to version 2.8.10. The issue arises because the plugin does not sanitize and escape certain parameters, enabling authenticated multisite administrators to perform Cross-Site Scripting through header manipulation, specifically vi...