2 matches found
CVE-2021-24308
The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. Thi...
CVE-2021-22231
CVE-2021-22231 describes a denial-of-service impacting GitLab CE/EE pages for user profiles, starting with GitLab CE/EE 8.0. The issue allows an attacker to create a specially crafted username to block access to a user’s profile page. Multiple connected sources confirm the vulnerability exists in...