Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4
CVE-2022-4465
- EPSS 0.2%
- Veröffentlicht 16.01.2023 16:15:12
- Zuletzt bearbeitet 07.04.2025 19:15:47
The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scriptin...
6.1
CVE-2022-2189
- EPSS 0.1%
- Veröffentlicht 25.07.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 07:00:30
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
5.4
CVE-2021-24665
- EPSS 0.18%
- Veröffentlicht 30.08.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 05:53:31
The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks
1