Lucene search
K

6 matches found

Nuclei
Nuclei
added 17 hours ago19 views

System Dashboard < 2.8.10 - Cross-Site Scripting

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks through header injection, specifically in the X-Forwarded-For header. id: CVE-2023-7246...

5.4CVSS6.1AI score0.00813EPSS
Exploits2References3
Circl
Circl
added 2024/08/16 10:5 p.m.12 views

CVE-2023-7246

creationtimestamp| type| source ---|---|--- 2024-08-16 22:05:07+00:00| seen| https://t.me/cvedetector/3364 2025-04-04 14:05:31+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-7246.yaml...

5.4CVSS4.8AI score0.00813EPSS
Exploits2References2
Patchstack
Patchstack
added 2024/03/21 12:0 a.m.17 views

WordPress System Dashboard Plugin < 2.8.10 is vulnerable to Cross Site Scripting (XSS)

Software System Dashboard Type Plugin Vulnerable versions 2.8.10 Fixed in 2.8.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7246 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59b19780b836 Credits Dmitrii Ignatyev Requir...

5.4CVSS6AI score0.00813EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/20 5:0 a.m.14 views

CVE-2023-7246 System Dashboard < 2.8.10 - XSS via Header Injection

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks...

6.1AI score0.00813EPSS
Exploits2References1
CVE
CVE
added 2024/03/20 5:0 a.m.102 views

CVE-2023-7246

CVE-2023-7246 is tied to the WordPress plugin System Dashboard prior to version 2.8.10. The issue arises because the plugin does not sanitize and escape certain parameters, enabling authenticated multisite administrators to perform Cross-Site Scripting through header manipulation, specifically vi...

5.4CVSS5.2AI score0.00813EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/03/20 5:0 a.m.24 views

CVE-2023-7246 System Dashboard < 2.8.10 - XSS via Header Injection

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks...

6AI score0.00813EPSS
Exploits2References1
Rows per page
Query Builder