CVE-2024-3594

HIGH Year: 2024
CVSS v3 Score
8.7
High
Weakness Type
CWE-79
View all →

Vulnerability Description

The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Related Vulnerabilities

CVE-2019-12830

HIGH
CVSS:8.7(High)

In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCo...

CWE-792019

CVE-2020-13340

HIGH
CVSS:8.7(High)

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log

CWE-792020

CVE-2020-15276

HIGH
CVSS:8.7(High)

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component....

CWE-792020

CVE-2020-26210

HIGH
CVSS:8.7(High)

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous cont...

CWE-792020

CVE-2020-26211

HIGH
CVSS:8.7(High)

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context ...

CWE-792020

CVE-2020-26249

HIGH
CVSS:8.7(High)

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord u...

CWE-792020