The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
6.1CVSS
6AI Score
0.001EPSS
Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.
8.8CVSS
8.7AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard β Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard β Polls, Surveys & more: from n/a through 3.0.11.
7.1CVSS
6.3AI Score
0.0005EPSS