Lucene search
Jeremie AmsellemWPEX-ID:DBE2C6CA-D2F1-40A2-83D5-4623C22D4D61HistoryNov 29, 2021 - 12:00 a.m.
MOLIE <= 0.5 - Reflected Cross-Site Scripting
2021-11-2900:00:00
Jeremie Amsellem
48
0.001 Low
EPSS
Percentile
40.2%
The plugin does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
https://example.com/wp-admin/admin.php?page=molie_course_check&course_id=alert(/XSS/)Related
cve
cve
CVE-2021-25006
2022-03-14 15:15:09
patchstack
patchstack
cnvd
cnvd
WordPress MOLIE plugin cross-site scripting vulnerability
2022-03-16 00:00:00
wpvulndb
wpvulndb
MOLIE <= 0.5 - Reflected Cross-Site Scripting
2021-11-29 00:00:00
nvd
nvd
CVE-2021-25006
2022-03-14 15:15:09
prion
prion
Cross site scripting
2022-03-14 15:15:00
cvelist
cvelist
CVE-2021-25006 MOLIE <= 0.5 - Reflected Cross-Site Scripting
2022-03-14 14:41:13