CVE-2024-3977

MEDIUM Year: 2024
CVSS v3 Score
5.1
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Related Vulnerabilities

CVE-2022-4647

MEDIUM
CVSS:5.1(Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.

CWE-792022

CVE-2023-1270

MEDIUM
CVSS:5.1(Medium)

Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.

CWE-792023

CVE-2023-1704

MEDIUM
CVSS:5.1(Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.

CWE-792023

CVE-2024-44010

MEDIUM
CVSS:5.1(Medium)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Full frame allows Stored XSS.This issue affects Full frame: from n/a through 2...

CWE-792024

CVE-2024-47313

MEDIUM
CVSS:5.1(Medium)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Catch Base allows Stored XSS.This issue affects Catch Base: from n/a through 3...

CWE-792024

CVE-2024-47356

MEDIUM
CVSS:5.1(Medium)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Create allows Stored XSS.This issue affects Create: from n/a through 2.9.1.

CWE-792024