6 matches found
CVE-2024-8239
The Starbox WordPress plugin before 3.5.3 does not properly render social media profile URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks...
CVE-2024-8239
The CVE-2024-8239 entry concerns the Starbox WordPress plugin (versions prior to 3.5.3). Affected component: rendering of social media profile URLs in certain contexts (e.g., malicious user profile or pages using the starbox shortcode). Root cause: improper handling/rendering leads to Stored XSS ...
CVE-2024-1273
The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
Cross-site scripting
The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2024-1273 Starbox < 3.5.0 - Contributor+ Stored XSS
The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2024-1273 Starbox < 3.5.0 - Contributor+ Stored XSS
The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...