Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
4.8CVSS
4.5AI Score
0.001EPSS
The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
4.8CVSS
4.7AI Score
0.001EPSS