85 matches found
CVE-2021-25088
The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2021-25088
The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2021-25088
CVE-2021-25088 affects the WordPress Google XML Sitemaps plugin prior to 4.1.3. The root cause is failure to sanitize/escape settings before outputting them on the Debug page, enabling Cross-Site Scripting by high-privilege users (e.g., in multisite). Impact is XSS; CVE details indicate the issue...
CVE-2021-25088 Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting
The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin XML Sitemaps 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress plugin XML Sitemaps 4.1.3,...
WordPress Google XML Sitemaps plugin <= 4.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Google XML Sitemaps plugin versions = 4.1.2. Solution Update the WordPress Google XML Sitemaps plugin to the latest available version at least 4.1.3...
Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Try ...
Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Try to...
Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary P...
WordPress Advanced Image Sitemaps plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Advanced Image Sitemaps plugin 1.2 and earlier versions are vulnerable to a cross-site scripting...
WordPress Better WordPress Google XML Sitemaps plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Better WordPress Google XML Sitemaps plugin version 1.4.1 and earlier versions are vulnerable to a cross-site scripting...
CVE-2022-0230
The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...
CVE-2022-0230
The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...
CVE-2022-0230
The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...
CVE-2022-0230
The CVE-2022-0230 entry concerns the WordPress plugin Better WordPress Google XML Sitemaps (
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Better WordPress Google XML Sitemaps plugin version 1.4.1 and earlier versions are vulnerable to a cross-site scripting...
Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins With the permalinks settings set to plain, as an unauthenticated user, open...
WordPress Better WordPress Google XML Sitemaps plugin <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Better WordPress Google XML Sitemaps plugin versions = 1.4.1. Solution Deactivate and delete. This plugin has been closed as of February 14, 2022 and is not available for download. This closur...
Xml-Sitemaps Cross-Site Request Forgery Vulnerability
Xml-Sitemaps is a file that lists important pages of a website. It is used to list important pages of a website. XML-Sitemaps' Unlimited Sitemap Generator has a security vulnerability, no details of the vulnerability are available at this time...