CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24678 – CM Tooltip Glossary < 3.9.21 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24678
06 Sep 2021 — The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks El plugin CM Tooltip Glossary de WordPress versiones anteriores a 3.9.21, no escapa a algunos atributos del shortcode glossary_tooltip, lo que podría permitir a usuarios con un rol tan bajo como el de Contributor llevar a cabo ataques de tipo Cross-Site Scripting Almacenado The CM Tooltip Glossar... • https://wpscan.com/vulnerability/b83880f7-8614-4409-9305-d059b5df15dd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 1CVE-2016-1000132 – CM Tooltip Glossary – Better SEO and UEX for your WP site <= 3.3.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-1000132
10 Oct 2016 — Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 Vulnerabilidad de XSS reflejada en el plugin de wordpress enhanced-tooltipglossary v3.2.8 Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.3.4 via the itemsnumber parameter. • http://www.securityfocus.com/bid/93865 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •