all InfoSec News logo
all InfoSec News - Your InfoSec news aggregator
Log in Sign up
all InfoSec News

EazyDocs < 2.5.0 - Admin+ Stored XSSThe EazyDocs WordPress plugin before 2.5....

Add to bookmarks
July 2, 2024, 6 a.m. |

CVE | THREATINT - NEW cve.threatint.com

The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve...

admin attacks cross-site escape eve high plugin privilege scripting settings wordpress wordpress plugin

Visit resource

More from cve.threatint.com / CVE | THREATINT - NEW

playSMS Template injectionA vulnerability was found in playSMS 1.4.3. It has ... 19 hours ago | cve.threatint.com
amp app file found +7
Red Lion Europe: mbNET.mini vulnerable to OS command injectionA high privileg... 19 hours ago | cve.threatint.com
attacker can command commands +8
Uncontrolled Resource Consumption vulnerability in MESbookUncontrolled Resour... 19 hours ago | cve.threatint.com
attacker can code inject +8
Information exposure vulnerability vulnerability in MESbookInformation exposu... 19 hours ago | cve.threatint.com
access api attacker changing +8
playSMS Template injectionA vulnerability was found in playSMS 1.4.3. It has ... 21 hours ago | cve.threatint.com
amp app file found +5
Limited DoS due to permitting creating users with user-defined IDsMattermost ... 23 hours ago | cve.threatint.com
attacker defined dos fail +2
RemoteClusterFrame payloads are audit logged in fullMattermost versions 9.5.x... 23 hours ago | cve.threatint.com
access attacker audit audit logs +7
Creating posts with user-defined IDs permitted in CreatePost APIMattermost ve... 23 hours ago | cve.threatint.com
attacker defined fail ids +3
Timing attack during remote cluster token comparison when shared channels are... 23 hours ago | cve.threatint.com
attack cluster fail mattermost +4

Jobs in InfoSec / Cybersecurity

Find Talent

All-Source Analyst (Watch Floor) - Senior

@ Global Dimensions | Columbia, Maryland, United States
View on infosec-jobs.com

Field Account Executive

@ Darktrace | Kentucky, United States
View on infosec-jobs.com

Technical Operations Engineer - International

@ Anduril | London, England, United Kingdom
View on infosec-jobs.com

Associate Analyst - Managed Security Services

@ Millennium IT ESP | Madhupur Upazila, Dhaka Division, Bangladesh
View on infosec-jobs.com

Associate Analyst - Managed Security Services

@ Millennium IT ESP | Klang, Selangor, Malaysia
View on infosec-jobs.com

Associate Analyst - Managed Security Services

@ Millennium IT ESP | Colombo, WP, Sri Lanka
View on infosec-jobs.com