The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
References
Link | Resource |
---|---|
https://github.com/daniloalbuqrque/poc-cve-xss-encoded-wp-inventory-manager-plugin | Exploit |
https://wpscan.com/vulnerability/44448888-cd5d-482e-859e-123e442ce5c1 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-08-16T11:03:22.025Z
Updated: 2023-08-16T11:03:22.025Z
Reserved: 2023-04-17T15:33:19.189Z
Link: CVE-2023-2123
JSON object: View
NVD Information
Status : Modified
Published: 2023-08-16T12:15:12.700
Modified: 2023-11-07T04:12:00.750
Link: CVE-2023-2123
JSON object: View
Redhat Information
No data.
CWE
No CWE.