5 matches found
CVE-2024-4856
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...
CVE-2024-4856 FS Product Inquiry <= 1.1.1 - Reflected XSS
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...
CVE-2024-4856
CVE-2024-4856 refers to the FS Product Inquiry WordPress plugin (versions ≤ 1.1.1) and describes a reflected XSS flaw. The vulnerability arises from not sanitising/escaping a parameter before echoing it on the page, potentially impacting admins or unauthenticated users. Public sources corroborate...
CVE-2024-4856 FS Product Inquiry <= 1.1.1 - Reflected XSS
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users...
WordPress FS Product Inquiry Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software FS Product Inquiry Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4856 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 989359976d53 Credits Bob Matyas Requir...