- Lana Codes
- Common Vulnerabilities
Resume Builder by Justin Scheetz <= 3.1.1 - Subscriber+ Stored XSS
LANACOMMONVDB ID: bd55ff1d-df0e-4e42-b303-9d5ccdfa8f79
The plugin does not sanitize and escape some parameters related to resume, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting (XSS) attacks against higher privilege users.
You must be log in to view vulnerability details.
Or register a new account.