CVE-2024-3753 – Hostel < 1.1.5.3 - Reflected XSS

https://notcve.org/view.php?id=CVE-2024-3753

22 Jun 2024 — The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin El complemento Hostel WordPress anterior a 1.1.5.3 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera Cross-Site Scripting Reflejado que podría usarse contra usuarios con privilegios elevados, como el administrador. The Hostel plugin for WordPress is ... • https://wpscan.com/vulnerability/e140e109-4176-4b26-bf63-198262a31409 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •