Lucene search
Dmitrii IgnatyevWPEX-ID:7413D5EC-10A7-4CB8-AC1C-4EF554751518HistoryFeb 28, 2024 - 12:00 a.m.
System Dashboard < 2.8.10 - XSS via Header Injection
2024-02-2800:00:00
Dmitrii Ignatyev
138
xss
header injection
exploit
x-forwarded-for
Description The plugin does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks
X-Forwarded-For: 11.11.11.11<script>alert(1)</script>References
Related
cve
cve
CVE-2023-7246
2024-03-20 05:15:45
CVE-2023-5888
2024-08-16 19:15:06
cvelist
cvelist
CVE-2023-7246 System Dashboard < 2.8.10 - XSS via Header Injection
2024-03-20 05:00:02
nvd
nvd
CVE-2023-7246
2024-03-20 05:15:45
CVE-2023-5888
2024-08-16 19:15:06
wpvulndb
wpvulndb
System Dashboard < 2.8.10 - XSS via Header Injection
2024-02-28 00:00:00
vulnrichment
vulnrichment
CVE-2023-7246 System Dashboard < 2.8.10 - XSS via Header Injection
2024-03-20 05:00:02
AI Score
6.1
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPEX-ID:7413D5EC-10A7-4CB8-AC1C-4EF554751518