Vulnerabilities > Vasyltech > Advanced Access Manager > 6.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-01 | CVE-2023-51674 | Cross-site Scripting vulnerability in Vasyltech Advanced Access Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. | 5.4 |
| 2023-12-29 | CVE-2023-51675 | Open Redirect vulnerability in Vasyltech Advanced Access Manager URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. | 5.4 |
| 2023-12-29 | CVE-2023-50881 | Cross-site Scripting vulnerability in Vasyltech Advanced Access Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15. | 5.4 |
| 2021-11-23 | CVE-2021-24830 | Cross-site Scripting vulnerability in Vasyltech Advanced Access Manager The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |