CVE-2021-24678 – CM Tooltip Glossary < 3.9.21 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24678
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
The CM Tooltip Glossary plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.9.20 due to insufficient input sanitization and output escaping. It does not escape some glossary_tooltip shortcode attributes. This makes it possible for Contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://wpscan.com/vulnerability/b83880f7-8614-4409-9305-d059b5df15dd
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1000132 – CM Tooltip Glossary – Better SEO and UEX for your WP site <= 3.3.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-1000132
Reflected XSS in WordPress plugin enhanced-tooltipglossary v3.2.8.
Reflected XSS in WordPress plugin enhanced-tooltipglossary v3.3.4 via the itemsnumber parameter.
• http://www.securityfocus.com/bid/93865
• http://www.vapidlabs.com/wp/wp_advisory.php?v=37
• https://wordpress.org/plugins/enhanced-tooltipglossary
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')