Description

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

Remediation

References

CVE-2023-5544

Related Vulnerabilities

WordPress Plugin Ocean Extra Cross-Site Scripting (1.9.4)

Apache HTTP Server Improper Authentication Vulnerability (CVE-2017-3167)

WordPress Plugin WP Subtitle Unspecified Vulnerability (2.5)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12466)

WordPress Plugin Bulk change of posts terms and post types Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2023-5544 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities