6 matches found
Cross site scripting
The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...
CVE-2023-1019
CVE-2023-1019 affects the WordPress plugin Help Desk WP up to version 1.2.0. The vulnerability is a stored XSS caused by insufficient sanitization/escaping of certain parameters, which could allow users with a role as low as Editor to execute scripts. Public disclosures (Wordfence/RH/PRION/etc.) ...
CVE-2023-1019 Help Desk WP <= 1.2.0 - Editor+ Stored XSS
The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...
CVE-2023-1019 Help Desk WP <= 1.2.0 - Editor+ Stored XSS
The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...
Help Desk WP <= 1.2.0 - Editor+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. PoC 1. Using a user with Editor Role privileges, go to the support page assigned for the Help Desk WP Plugin. 2. Click on "Add New Ticket", and...
Help Desk WP <= 1.2.0 - Editor+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. 1. Using a user with Editor Role privileges, go to the support page assigned for the Help Desk WP Plugin. 2. Click on "Add New Ticket", and fill t...