Lucene search
WpvulndbWPVDB-ID:C4BAB419-D17D-4789-BC9C-E14A98CE11FBHistoryOct 25, 2023 - 12:00 a.m.
ApplyOnline – Application Form Builder and Manager < 2.5.3 - Reflected XSS
2023-10-2500:00:00
wpscan.com
3
security vulnerability
xss
application form
Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 2.5.3 |
References
patchstack.com/database/vulnerability/apply-online/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-2-reflected-cross-site-scripting-xss-vulnerability
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/apply-online/applyonline-application-form-builder-and-manager-252-reflected-cross-site-scripting
Related
nvd
nvd
CVE-2023-45756
2023-10-25 18:17:34
prion
prion
Cross site scripting
2023-10-25 18:17:00
cve
cve
CVE-2023-45756
2023-10-25 18:17:34
cvelist
cvelist
wordfence
wordfence
5.7 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
Related for WPVDB-ID:C4BAB419-D17D-4789-BC9C-E14A98CE11FB