11 matches found
CVE-2023-2579
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-2579
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-2579 InventoryPress <= 1.7 - Author+ Stored XSS
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-2579 InventoryPress <= 1.7 - Author+ Stored XSS
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-2579
CVE-2023-2579 concerns the InventoryPress WordPress plugin (≤1.7). The issue is due to insufficient sanitisation/escaping of plugin settings, enabling authenticated users with role Author or higher to perform Stored XSS. Public writeups and Red Hat/NVD entries confirm the vulnerability and its pe...
WordPress plugin InventoryPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-20306 · WordPress · Inventorypress
Name of the Vulnerable Software and Affected Versions: InventoryPress WordPress plugin versions 1.7 and earlier Description: The issue allows users with the role of author and above to perform Stored Cross-Site Scripting attacks due to the plugin not sanitising and escaping some of its settings...
WordPress InventoryPress Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
Software InventoryPress Type Plugin Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2579 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 980d01840734 Credits daniloalbuqrque Require...
InventoryPress <= 1.7 - Author+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. 1. Create a "New Inventory Item" 2. In the "Description" field, add the value "alert"xss" 3. Edit the created item and see the XS...
Exploit for CVE-2023-2579
Update - 6-23-2023 The CVE-2023-2579 ID was reserved and the P...