Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4
CVE-2021-24408
- EPSS 0.16%
- Veröffentlicht 12.07.2021 20:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:00
The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved...
6.1
CVE-2021-24409
- EPSS 13.25%
- Veröffentlicht 12.07.2021 20:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:00
The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
1