CVE-2024-4305

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Related Vulnerabilities

CVE-2019-0308

MEDIUM
CVSS:6.8(Medium)

An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTM...

CWE-792019

CVE-2019-15053

MEDIUM
CVSS:6.8(Medium)

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element.

CWE-792019

CVE-2020-11001

MEDIUM
CVSS:6.8(Medium)

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission ...

CWE-792020

CVE-2020-28487

MEDIUM
CVSS:6.8(Medium)

This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.

CWE-792020

CVE-2021-3866

MEDIUM
CVSS:6.8(Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.

CWE-792021

CVE-2021-3879

MEDIUM
CVSS:6.8(Medium)

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-792021