Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4
CVE-2024-4707
- EPSS 0.23%
- Veröffentlicht 06.06.2024 04:15:13
- Zuletzt bearbeitet 21.11.2024 09:43:25
The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on u...
5.4
CVE-2022-4762
- EPSS 0.2%
- Veröffentlicht 06.02.2023 20:15:12
- Zuletzt bearbeitet 25.03.2025 19:15:40
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scri...
1