12 matches found
EUVD-2023-12565
Malicious code in bioql PyPI...
CVE-2023-0520
The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin,...
CVE-2023-0520
The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin,...
Cross site scripting
The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin,...
CVE-2023-0520
CVE-2023-0520 corresponds to a Stored XSS in the RapidExpCart WordPress plugin up to version 1.0. The vulnerability arises because the url parameter in the rapidexpcart endpoint is not sanitized/escaped before storage and page output, enabling an attacker to inject script that can be executed in ...
CVE-2023-0520 RapidExpCart <= 1.0 - Stored XSS via CSRF
The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin,...
CVE-2023-0520 RapidExpCart <= 1.0 - Stored XSS via CSRF
The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin,...
WordPress plugin RapidExpCart 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-16328 · WordPress · Rapidexpcart
Name of the Vulnerable Software and Affected Versions: RapidExpCart WordPress plugin versions through 1.0 Description: The issue is related to a Stored Cross-Site Scripting vulnerability. It occurs because the url parameter in the "rapidexpcart" endpoint is not properly sanitized and escaped befo...
WordPress RapidExpCart Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software RapidExpCart Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0520 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 78fd6df3f13c Credits Shreya Pohekar Required privile...
RapidExpCart <= 1.0 - Stored XSS via CSRF
The plugin does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection...
RapidExpCart <= 1.0 - Stored XSS via CSRF
The plugin does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection...