Lucene search

K
wpvulndbWpvulndbWPVDB-ID:A30A7C06-16E0-434A-80E2-92A30F6A4CE2
HistoryOct 17, 2023 - 12:00 a.m.

Fotomoto <= 1.2.8 - Reflected XSS

2023-10-1700:00:00
wpscan.com
4
fotomoto
plugin
xss
vulnerability
sanitise
escape
parameters
admin

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

20.2%

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

20.2%

Related for WPVDB-ID:A30A7C06-16E0-434A-80E2-92A30F6A4CE2