Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires a member listing page to be active and using the Gerbera theme.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 4.15.0 |