0xn4d

3 exploits Active since Jul 2023
CVE-2023-2123 NOMISEC MEDIUM WORKING POC
WP Inventory Manager <2.1.0.13 - XSS
The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
2 stars
CVSS 6.1
CVE-2023-4460 NOMISEC MEDIUM WRITEUP
Uploading SVG, WEBP and ICO files < 1.2.1 - Authenticated Stored Cross-Site Scripting via SVG Upload
The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
CVSS 5.4
CVE-2023-2579 NOMISEC MEDIUM WRITEUP
InventoryPress < 1.7 - Authenticated Stored Cross-Site Scripting in Plugin Settings
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.
CVSS 5.4