Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks.
1. Create a new slider and insert (1212"onmouseover='alert(1)') into the "URL View" field.
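
The missing sanitise-and-escape step, shown as an added example that is not the plugin's own code. It assumes the "URL View" value is printed inside a quoted HTML attribute; the function names and markup are hypothetical.

```php
<?php
// Added example: hypothetical slider markup, not the plugin's real code.
// $url_view stands in for the "URL View" field saved by an editor.

// Vulnerable pattern: the stored value is echoed raw into a quoted attribute,
// so a double quote in the value ends the attribute and starts a new one.
function render_slide_unsafe(string $url_view): string {
    return '<a class="slide" href="' . $url_view . '">View</a>';
}

// Hardened pattern, part 1: validate on save by allow-listing the scheme.
// Inside WordPress the equivalent call is esc_url_raw().
function sanitize_url_view(string $value): string {
    $value  = trim($value);
    $scheme = parse_url($value, PHP_URL_SCHEME); // null or false when absent
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return ''; // reject anything that is not an absolute http(s) URL
    }
    return $value;
}

// Hardened pattern, part 2: escape for the attribute context on output.
// Inside WordPress the equivalent call is esc_url() (or esc_attr()).
function render_slide_safe(string $url_view): string {
    $href = htmlspecialchars(sanitize_url_view($url_view), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a class="slide" href="' . $href . '">View</a>';
}

// Constructed inputs: the value from step 1, a normal URL, and a valid URL
// that carries a quote, to show that output escaping holds on its own.
$samples = [
    '1212"onmouseover=\'alert(1)\'',
    'https://example.com/page',
    'https://example.com/?q="onmouseover=\'alert(1)\'',
];
foreach ($samples as $s) {
    echo "input : $s\n";
    echo "unsafe: " . render_slide_unsafe($s) . "\n";
    echo "safe  : " . render_slide_safe($s) . "\n\n";
}
```
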
| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 2.2.11 |