Multiple Stored Cross-Site Scripting within SendPress Newsletter Settings due to improper input sanitation.
The vulnerable fields are:
- From Name
- From Email
- Where to send Test Email
Security Researcher | AppSec | DevSecOps | Cloud Security
Multiple Stored Cross-Site Scripting within SendPress Newsletter Settings due to improper input sanitation.
The vulnerable fields are:
An Authenticated Stored Cross-Site Scripting (XSS) was discovered within the Company Info “Motto” field. When creating a new newsletter using an empty template with the header module, the XSS would execute.
There is a Stored Cross-Site Scripting (XSS) in WP-Live Chat by 3CX v. 8.1.9 By 3CX within the Quick Response function. Due to the nature of this vulnerability, a malicious attack with access to a WordPress multisite and permissions to this plugin can craft a malformed JavaScript payload.