9 matches found
CVE-2022-4675
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4675
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
Cross site scripting
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4675 Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4675 Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4675
The CVE-2022-4675 entry concerns the WordPress plugin The Mongoose Page Plugin, prior to version 1.9.0. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient validation and escaping of a shortcode attribute, enabling users with as little as Contributor role to injec...
PT-2023-15011 · WordPress · Mongoose Page Plugin
Name of the Vulnerable Software and Affected Versions: Mongoose Page Plugin WordPress plugin versions prior to 1.9.0 Description: The issue concerns a lack of validation and escaping of one of the shortcode attributes in the Mongoose Page Plugin, potentially allowing users with a role as low as...
Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: facebook-page-plugin href='test.js' method='sdk' language='" onerror="alert1"'...
Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: facebook-page-plugin href='test.js' method='sdk' language='" onerror="alert1"'...