Security Advisory

CVE-2024-6020

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-09-04 06:00:02

Last updated 2024-09-04 14:23:36

Assigner WPScan

State PUBLISHED

Description

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER[REQUEST_URI] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.

← Browse all CVEs View on cve.org ↗