CVE-2020-29304

Self-reflected cross-site scripting in DirectoriesPro by SabaiApps | The Missing Link

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

A self-reflected cross-site scripting (XSS) vulnerability in the WordPress SabaiApps DirectoriesPro plugin 1.3.45 allows attackers who have convinced a site administrator to import a specially crafted CSV file, to inject arbitrary JavaScript or HTML into the subsequent responses generated by the web application.

Successful exploitation of this issue may allow an attacker to perform unauthorised actions in the user’s security context.

Affected Versions

Discovered in: 1.3.45

Fixed Versions

Fixed in: 1.3.46

Latest News

5 Microsoft Power Platform Benefits That Will Transform Your Business

5 Key Takeaways from Early Adopters of Microsoft 365 Copilot

The Missing Link is recognised as Premier Service Delivery Partner by Netskope

See All News