Lucene search
WpvulndbWPVDB-ID:5EF089AD-E57B-4517-BEB5-61BA13D3FD3BHistoryDec 13, 2022 - 12:00 a.m.
Launchpad <= 10.13 - Admin+ Stored XSS
2022-12-1300:00:00
wpscan.com
6
launchpad
admin
stored xss
cross-site scripting
multisite
0.0005 Low
EPSS
Percentile
17.9%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
| CPE | Name | Operator | Version |
|---|---|---|---|
| launchpad-by-obox | eq | * |
Related
cvelist
cvelist
CVE-2023-0295
2023-01-13 19:54:33
nvd
nvd
CVE-2023-0295
2023-01-13 20:15:13
cve
cve
CVE-2023-0295
2023-01-13 20:15:13
prion
prion
Cross site scripting
2023-01-13 20:15:00