4 matches found
CVE-2024-0905 Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting
The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users...
CVE-2024-0905 Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting
The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users...
CVE-2024-0905
The vulnerability CVE-2024-0905 affects the Fancy Product Designer WordPress plugin up to version 6.1.8. It enables Reflected XSS by failing to sanitize/escape a parameter before echoing it on the page, potentially impacting unauthenticated users and admin users. The recommended fix is upgrading ...
WordPress Fancy Product Designer Plugin < 6.1.8 is vulnerable to Cross Site Scripting (XSS)
Software Fancy Product Designer Type Plugin Vulnerable versions 6.1.8 Fixed in 6.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0905 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5fb94dea6052 Credits Bob Matyas...