Lucene search
WpvulndbWPVDB-ID:A70C9748-1928-45F1-BAB6-F256AC8F2EBCHistoryJan 03, 2024 - 12:00 a.m.
PageLayer < 1.7.9 - Contributor+ Stored XSS
2024-01-0300:00:00
wpscan.com
5
pagelayer plugin
stored xss
input sanitization
output escaping
contributor-level permissions
arbitrary web scripts
reintroduction vulnerability
version 1.7.7 patch
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘pagelayer_header_code’, ‘pagelayer_body_open_code’, and ‘pagelayer_footer_code’ meta fields due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 1.7.9 |
Related
nvd
nvd
CVE-2023-6738
2024-01-04 04:15:09
prion
prion
Cross site scripting
2024-01-04 04:15:00
cvelist
cvelist
CVE-2023-6738
2024-01-04 03:30:13
cve
cve
CVE-2023-6738
2024-01-04 04:15:09
wordfence
wordfence
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.4%
Related for WPVDB-ID:A70C9748-1928-45F1-BAB6-F256AC8F2EBC