CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24603 – Site Reviews < 5.13.1 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24603
The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed El plugin de WordPress Site Reviews versiones anteriores a 5.13.1, no sanea algunos de los Detalles de las Reseñas cuando se añade una reseña como administrador, que podría permitir llevar a cabo ataques de tipo Cross-Site Scripting cuando unfiltered_html no está permitida. • https://wpscan.com/vulnerability/72aea0e5-1fa7-4827-a173-59982202d323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0603 – Site Reviews <= 2.15.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-0603
Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de tipo Cross-Site Scripting (XSS) en Site Reviews en versiones anteriores a la 2.15.3 permite que los atacantes inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN60978548/index.html https://wordpress.org/plugins/site-reviews/#developers https://wpvulndb.com/vulnerabilities/9102 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •