Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.14 views

BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin < 1.0.88 - Authenticated (Admin+) Arbitrary File Upload

Description The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or...

7.2CVSS7.7AI score0.01563EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

Easy Social Feed < 6.5.7 - Cross-Site Request Forgery

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

4.3CVSS5.6AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.17 views

Post Grid < 2.2.76 - Reflected Cross-Site Scripting

Description The Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.2.74 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00376EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

Announce from the Dashboard < 1.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00365EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.12 views

BizPrint < 4.5.4 - Printer Settings Update via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation within printer management. This makes it possible for unauthenticated attackers to modify printer settings and potentially perform other unauthorized actions via a forged request grante...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.13 views

Relevanssi Pro < 2.25 - Unauthenticated Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration data...

7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.18 views

Template Kit – Import < 1.0.15 - Author+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the template upload functionality due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that wil...

6.4CVSS6AI score0.0045EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.13 views

Unlimited Elements For Elementor < 1.5.94 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

7.1CVSS6.5AI score0.0074EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.16 views

Beaver Builder < 2.8.0.7 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitra...

6.4CVSS5.9AI score0.00408EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.25 views

Forminator < 1.29.1 - Unauthenticated Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via an uploaded file e.g. 3gpp file due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user...

7.2CVSS5.8AI score0.00528EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.26 views

Metform Elementor Contact Form Builder < 3.8.6 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.14 views

Colibri Page Builder < 1.0.270 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibriposttitle' shortcode due to insufficient input sanitization and output escaping on user supplied attributes such as 'headingtype'. This makes it possible for authenticated attackers, with contributor-leve...

6.4CVSS5.9AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.16 views

BizPrint < 4.5.4 - Unauthenticated WC Order Data Access

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview function. This makes it possible for unauthenticated attackers to expose potentially sensitive WooCommerce order data...

6.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.23 views

Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Settings Save as Image"...

5.4AI score0.00266EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.18 views

FV Flowplayer Video Player < 7.5.44.7212 - Reflected Cross-Site Scripting

Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.5.41.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.3AI score0.00394EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.19 views

Genesis Blocks < 3.1.3 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the block content due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.19 views

Forminator < 1.29.1 - Reflected Cross-Site Scripting

Description The plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into...

7.1CVSS6.5AI score0.00426EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.18 views

SEO Plugin by Squirrly SEO < 12.3.17 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

7.1CVSS6.5AI score0.00421EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.18 views

Popup Builder < 4.2.7 - Contributor Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's sgpopup shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...

6.5CVSS5.9AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.26 views

Essential Addons for Elementor < 5.9.14 - Author+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input from the 'errorresetpassword' attribute of the "Login | Register Form" widget disabled by default. This makes it possible for authenticated attackers, with author-level access and above, to inject ...

8.8CVSS7.2AI score0.00775EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.16 views

WP Google Maps < 9.0.30 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

7.1CVSS6.5AI score0.00753EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.16 views

PowerPack Addons for Elementor < 2.7.18 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the htmltag attribute of multiple widgets due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web script...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.11 views

WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure

Description The plugin does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name PoC As a subscriber, open the following URL:...

6.9AI score0.00319EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.39 views

LayerSlider 7.9.11 - 7.10.0 - Unauthenticated SQL Injection

Description The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the lsgetpopupmarkup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.8CVSS7.6AI score0.18402EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.17 views

Custom Order Status for WooCommerce < 2.4.0 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as...

6.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/02 12:0 a.m.18 views

HT Mega < 2.4.4 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

6.5CVSS5.9AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.17 views

Unlimited Elements For Elementor < 1.5.97 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget e.g., 'Button Link' due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level acce...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.8 views

Piotnet Addons For Elementor < 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.9AI score0.00364EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.22 views

WPFront User Role Editor < 4.1.0 - Limited Information Exposure

Description The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfrontuserroleeditorassignrolesuserautocomplete AJAX action. This makes it possible for authenticated attackers, with...

4.3CVSS6.5AI score0.0052EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.12 views

Booster for WooCommerce < 7.1.8 - Reflected Cross-Site Scripting

Description The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.3AI score0.00421EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.13 views

Fullscreen Galleria < 1.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Fullscreen Galleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.5CVSS5.9AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.16 views

PowerPack Addons for Elementor < 2.7.19 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that...

6.4CVSS5.6AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.23 views

ReviewX < 1.6.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The ReviewX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.8AI score0.00357EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.18 views

Sunshine Photo Cart < 3.1.2 - Reflected Cross-Site Scripting

Description The Sunshine Photo Cart plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

7.1CVSS6.3AI score0.00727EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.17 views

Image Hover Effects – Elementor Addon < 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'eihe_align'

Description The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eihealign' parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

6.5CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.9 views

Woo Viet < 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Woo Viet – WooCommerce for Vietnam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.8AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.16 views

Exchange Rates Widget < 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Exchange Rates Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...

6.5CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.15 views

ElementsKit Elementor addons < 3.0.7 - Contributor+ Local File Inclusion

Description The plugin is vulnerable to Local File Inclusion via the renderraw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This c...

8.8CVSS7.6AI score0.01482EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.18 views

Podlove Podcast Publisher < 4.0.10 - Reflected Cross-Site Scripting

Description The Podlove Podcast Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

7.1CVSS6.5AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.16 views

Sina Extension for Elementor < 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.13 views

PropertyHive < 2.0.9 - Reflected Cross-Site Scripting

Description The PropertyHive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.15 views

Podlove Web Player < 5.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Podlove Web Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' variable in versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.14 views

Simply Schedule Appointments < 1.6.6.24 - Reflected Cross-Site Scripting

Description The Simply Schedule Appointments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.3AI score0.00354EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.14 views

WP Directory Kit < 1.3.0 - Reflected Cross-Site Scripting

Description The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.1CVSS6.3AI score0.00421EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

Portfolio Gallery – Image Gallery Plugin < 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.17 views

FlatPM < 3.1.05 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The FlatPM plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 3.1.05 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web script...

6.5CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.16 views

Exclusive Addons Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Exclusive Addons Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.35 views

Essential Addons for Elementor < 5.9.14 - Unauthenticated Private/Draft Posts Access

Description The plugin is vulnerable to Sensitive Information Exposure via the loadmore function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts...

5.3CVSS6.5AI score0.00496EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

WCFM – Frontend Manager for WooCommerce < 6.7.9 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Description The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.7.8 due to insufficient input sanitization and output escaping...

5.9CVSS5.9AI score0.00353EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.16 views

WP Post Disclaimer < 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Post Disclaimer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the content disclaimer in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603