The plugin does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Put the following payload in the Link settings of a body party and save the change: ">alert(/XSS-link/)
CPE | Name | Operator | Version |
---|---|---|---|
interactive-medical-drawing-of-human-body | lt | 2.6 |