3 matches found
CVE-2025-5235
creationtimestamp| type| source ---|---|--- 2025-05-30 10:03:24+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqexygzrnsj2...
CVE-2025-5235
CVE-2025-5235 concerns the WordPress plugin OpenSheetMusicDisplay (versions up to and including 1.4.0). The root cause is insufficient input sanitization and output escaping of the className parameter, enabling stored cross-site scripting. Exploitation requires an attacker with Contributor-level ...
WordPress OpenSheetMusicDisplay plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin OpenSheetMusicDisplay versions = 1.4.0...