CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4960 – cloudfavorites favorites-web Nickname cross site scripting
https://notcve.org/view.php?id=CVE-2022-4960
12 Jan 2024 — A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/cloudfavorites/favorites-web/issues/127 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2304 – Favorites <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2023-2304
30 May 2023 — The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/favorites/tags/2.3.2/app/API/Shortcodes/UserFavoritesShortcode.php#L57 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0287 – ityouknow favorites-web Comment cross site scripting
https://notcve.org/view.php?id=CVE-2023-0287
13 Jan 2023 — A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. • https://gitee.com/ityouknow/favorites-web/issues/I684L9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •