112 matches found
WordPress Taskbuilder Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Taskbuilder plugin versions prior to 1.0.8 have a cross-site scripting vulnerability that stems fro...
CVE-2022-3137
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...
CVE-2022-3137
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...
CVE-2022-3137
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...
Cross site scripting
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...
CVE-2022-3137 TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...
WordPress plugin Taskbuilder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Taskbuilder plugin versions prior to 1.0.8 have a cross-site scripting vulnerability that stems fro...
PT-2022-20720 · WordPress · Taskbuilder
Name of the Vulnerable Software and Affected Versions: Taskbuilder WordPress plugin versions prior to 1.0.8 Description: The issue allows any authenticated user to perform Stored Cross-Site Scripting by attaching a malicious SVG file to a task, due to the lack of validation and sanitization of ta...
CVE-2022-3137
CVE-2022-3137 concerns the WordPress Taskbuilder plugin prior to 1.0.8. The vulnerability allows any authenticated user (e.g., a subscriber) who creates a task to perform a Persistent/Stored Cross-Site Scripting by attaching a malicious SVG file, due to insufficient validation and sanitization of...
TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload
The plugin does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file PoC Create a SVG with the following content: As any authenticated user, such as...
TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload
The plugin does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file Create a SVG with the following content: alertdocument.cookie; As any authenticated...
WordPress TaskBuilder plugin <= 1.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability via SVG file upload discovered by Rizacan Tufan in WordPress TaskBuilder plugin versions = 1.0.7. Solution Update the WordPress Taskbuilder plugin to the latest available version at least 1.0.8...