3 matches found
Cross Site Scripting(XSS)
Concrete CMS is vulnerable to Cross-Site Scripting XSS. The vulnerability is caused due to improper sanitization of the $nextLinkText and $previousLinkText variables in the Next Nav block, which allows attackers to execute malicious code...
WordPress 6.3.x < 6.3.2 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...
WP 5.6-6.3.1 - Contributor+ Stored XSS via Navigation Block
Description WordPress does not escape some of its Navigation block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...