11 matches found
CVE-2023-0424
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...
CVE-2023-0424
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...
CVE-2023-0424 MS-Reviews <= 1.5 - Subscriber+ Stored XSS
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...
CVE-2023-0424 MS-Reviews <= 1.5 - Subscriber+ Stored XSS
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...
CVE-2023-0424
CVE-2023-0424 affects the MS-Reviews WordPress plugin,
PT-2023-16262 · WordPress · Ms-Reviews
Name of the Vulnerable Software and Affected Versions: MS-Reviews WordPress plugin versions 1.5 and earlier Description: The issue allows authenticated users, such as Subscribers, to perform Stored Cross-Site Scripting attacks due to the lack of sanitization and escaping of reviews...
WordPress plugin MS-Reviews 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress MS-Reviews Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)
Software MS-Reviews Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0424 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 3c9df93ac5de Credits Rio Darmawan Required privilege...
MS-Reviews <= 1.5 - Subscriber+ Stored XSS
The plugin does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks As a subscriber, submit a review a page/post with msreviews embed with the following payload: alert/XSS/ The XSS will be triggered...
MS-Reviews <= 1.5 - Subscriber+ Stored XSS
The plugin does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks PoC As a subscriber, submit a review a page/post with msreviews embed with the following payload: The XSS will be triggered when...