4 matches found
CVE-2024-5878
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library version 2.1.5 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2024-5878
CVE-2024-5878 is a stored DOM-based Cross-Site Scripting issue in WordPress NextGEN Gallery (and related plugins) via the SimpleLightbox JavaScript library (v2.1.5). The vulnerability is exploitable by authenticated attackers with contributor-level access or higher, who can inject scripts that ru...
CVE-2024-5878 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library version 2.1.5 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2024-5878 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled SimpleLightbox JavaScript library version 2.1.5 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...