2 matches found
CVE-2024-3111 H5P < 1.15.8 - Contributor+ Stored XSS
The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues...
WordPress Interactive Content – H5P Plugin < 1.15.8 is vulnerable to Cross Site Scripting (XSS)
Software Interactive Content – H5P Type Plugin Vulnerable versions 1.15.8 Fixed in 1.15.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3111 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b51ad18a9f74 Credits Dmitrii Ignaty...