Lucene search
Dmitrii IgnatyevWPEX-ID:02928DB8-CEB3-471A-B626-CA661D073E4FHistorySep 21, 2023 - 12:00 a.m.
Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode
2023-09-2100:00:00
Dmitrii Ignatyev
40
magee shortcodes
stored xss
version 2.1.1
contributor+
EPSS
0
Percentile
14.0%
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
[ms_alert icon="fa-exclamation-circle" background_color="#ffcc00" text_color="#ffffff" border_width="0" border_radius="0" box_shadow="no" dismissable="yes" class="" id='" onmouseover="alert(/XSS/)"']Warning! Better check yourself, you're not looking too good.[/ms_alert]Related
cvelist
cvelist
nvd
nvd
CVE-2023-4783
2023-10-16 20:15:16
cve
cve
CVE-2023-4783
2023-10-16 20:15:16
prion
prion
Cross site scripting
2023-10-16 20:15:00
wpvulndb
wpvulndb
Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode
2023-09-21 00:00:00