Filtered by vendor Gutenberg Project
Subscriptions
Filtered by product Gutenberg
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-33994 | 1 Gutenberg Project | 1 Gutenberg | 2024-08-03 | 3.0 Low |
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators. | ||||
CVE-2024-32586 | 1 Gutenberg Project | 1 Gutenberg | 2024-08-02 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Munir Kamal Gutenberg Block Editor Toolkit allows Stored XSS.This issue affects Gutenberg Block Editor Toolkit: from n/a through 1.40.4. |
Page 1 of 1.