CVE-2024-5573

MEDIUM Year: 2024
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Related Vulnerabilities

CVE-2018-6682

MEDIUM
CVSS:5.9(Medium)

Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.

CWE-792018

CVE-2019-14415

MEDIUM
CVSS:5.9(Medium)

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another u...

CWE-792019

CVE-2019-7000

MEDIUM
CVSS:5.9(Medium)

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencin...

CWE-792019

CVE-2020-13407

MEDIUM
CVSS:5.9(Medium)

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or a...

CWE-792020

CVE-2020-13408

MEDIUM
CVSS:5.9(Medium)

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or a...

CWE-792020

CVE-2020-13409

MEDIUM
CVSS:5.9(Medium)

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or a...

CWE-792020