One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 8336655 |
| Date de publication | 2023-05-15 13:15:09 (vue: 2023-05-15 15:09:04) |
| Titre | CVE-2023-0490 |
| Texte | The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. |
| Notes | |
| Envoyé | Oui |
| Condensat | 0490 2023 above allow attacks attributes back before contributor could cross cve does embed escape its not outputting page/post perform plugin role scripting shortcode site some stored them through toc users validate where which wordpress |
| Tags | |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.