- Lana Codes
- Common Vulnerabilities
Video Background by Push Labs <= 2.7.4 - Contributor+ Stored XSS
LANACOMMONVDB ID: dd9f3268-519a-4b4a-ab06-3d7785000daf
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
You must be log in to view vulnerability details.
Or register a new account.