CVE-2024-5429

HIGH Year: 2024
CVSS v3 Score
7.6
High
Weakness Type
CWE-79
View all →

Vulnerability Description

The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Related Vulnerabilities

CVE-2016-6641

HIGH
CVSS:7.6(High)

Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-792016

CVE-2019-8987

HIGH
CVSS:7.6(High)

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows...

CWE-792019

CVE-2020-14610

HIGH
CVSS:7.6(High)

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). The supported version that is affected is 12.2.9. Easily exploitable vulne...

CWE-792020

CVE-2020-15159

HIGH
CVSS:7.6(High)

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script fi...

CWE-792020

CVE-2020-35841

HIGH
CVSS:7.6(High)

Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 bef...

CWE-792020

CVE-2020-6847

HIGH
CVSS:7.6(High)

OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.

CWE-792020