Lucene search
ArvandyWPEX-ID:DC3A841D-A95B-462E-BE4B-ACAA44E77264HistoryJun 05, 2023 - 12:00 a.m.
KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting
2023-06-0500:00:00
Arvandy
81
kivicare
cross-site scripting
admin-access
ajax-request
vulnerability
security-exploit
EPSS
0.003
Percentile
72.0%
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator
Make a logged in admin open https://example.com/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_weekly_appointment&filterType=%3Cimg%20src%20onerror=alert(`XSS`)%3ERelated
cve
cve
CVE-2023-2624
2023-06-27 14:15:11
zdt
zdt
WordPress KiviCare 3.2.0 Cross Site Scripting Vulnerability
2023-10-03 00:00:00
prion
prion
Cross site scripting
2023-06-27 14:15:00
cvelist
cvelist
packetstorm
packetstorm
WordPress KiviCare 3.2.0 Cross Site Scripting
2023-10-03 00:00:00
wpvulndb
wpvulndb
KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting
2023-06-05 00:00:00
nvd
nvd
CVE-2023-2624
2023-06-27 14:15:11