Security Advisory

CVE-2024-8056

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-09-12 06:00:07

Last updated 2024-09-12 12:59:34

Assigner WPScan

State PUBLISHED

Description

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER[REQUEST_URI] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

← Browse all CVEs View on cve.org ↗