2 matches found
CVE-2022-3440
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting...
PT-2021-22880 · Apache · Apache Jspwiki
Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions prior to 2.11.0 Description: A carefully crafted plugin link invocation could trigger an issue on Apache JSPWiki, related to the Denounce plugin, allowing the attacker to execute javascript in the victim's browser and...