11 matches found
CVE-2023-4962
The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'videopopup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-4962 Video PopUp <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'videopopup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-4962
CVE-2023-4962 affects the Video PopUp WordPress plugin (video-popup) up to version 1.1.3. Description: stored XSS via the video_popup shortcode due to insufficient input sanitization/output escaping; authenticated attackers with contributor+ can inject scripts that run for users on affected pages...
CVE-2023-4962 Video PopUp <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'videopopup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WordPress Plugin Video PopUp Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Video PopUp < 1.1.4 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its videopopup shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
dermlasersurgery.com XSS vulnerability
Open Bug Bounty ID: OBB-645684 Description| Value ---|--- Affected Website:| dermlasersurgery.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
sbplasticsurgery.com XSS vulnerability
Open Bug Bounty ID: OBB-645676 Description| Value ---|--- Affected Website:| sbplasticsurgery.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
breastreconstructionhelp.com XSS vulnerability
Open Bug Bounty ID: OBB-645667 Description| Value ---|--- Affected Website:| breastreconstructionhelp.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
rhinoplasty-usa.com XSS vulnerability
Open Bug Bounty ID: OBB-645664 Description| Value ---|--- Affected Website:| rhinoplasty-usa.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
php.bildungs.tv XSS vulnerability
Open Bug Bounty ID: OBB-572986 Description| Value ---|--- Affected Website:| php.bildungs.tv Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...