CVE-2023-0147

MEDIUM Year: 2023
CVSS v3 Score
5.4
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Related Vulnerabilities

CVE-2013-0375

MEDIUM
CVSS:5.4(Medium)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vect...

NVD-CWE-Other2013

CVE-2016-0245

MEDIUM
CVSS:5.4(Medium)

The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external en...

NVD-CWE-Other2016

CVE-2016-0408

MEDIUM
CVSS:5.4(Medium)

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity v...

NVD-CWE-Other2016

CVE-2016-0468

MEDIUM
CVSS:5.4(Medium)

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affec...

NVD-CWE-Other2016

CVE-2016-0673

MEDIUM
CVSS:5.4(Medium)

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to UIF...

NVD-CWE-Other2016