admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 10:41:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-4757.md

18 lines
1.0 KiB
Markdown
Raw Normal View History

Update CVE sources 2024-05-28 08:49
2024-05-28 08:49:17 +00:00
### [CVE-2023-4757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4757)
![](https://img.shields.io/static/v1?label=Product&message=Staff%20%2F%20Employee%20Business%20Directory%20for%20Active%20Directory&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
### Description
The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin.
### POC
#### Reference
- https://wpscan.com/vulnerability/0b953413-cf41-4de7-ac1f-c6cb995fb158/
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink