2 matches found
tagDiv Composer < 4.2 - Unauthenticated Stored XSS
Description The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scriptin...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Maui Marketing Update Image Tag Alt Attribute plugin = 2.4.5 versions...