The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/aa868380-cda7-4ec6-8a3f-d9fa692908f2 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/aa868380-cda7-4ec6-8a3f-d9fa692908f2 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-31 14:15
Updated : 2024-11-21 08:41
NVD link : CVE-2023-5211
Mitre link : CVE-2023-5211
CVE.ORG link : CVE-2023-5211
JSON object : View
Products Affected
fattura24
- fattura24
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')