CVE-2023-30148 Information

Description

Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock version 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.

Reference

https://security.friendsofpresta.org/modules/2023/10/10/opartmultihtmlblock.html