Vulnerability Details CVE-2022-0381
The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.078
EPSS Ranking 91.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://gist.github.com/Xib3rR4dAr/4b3ea7960914e23c3a875b973a5b37a3
- https://plugins.trac.wordpress.org/browser/embed-swagger/trunk/swagger-iframe.php#L59
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0381
- https://gist.github.com/Xib3rR4dAr/4b3ea7960914e23c3a875b973a5b37a3
- https://plugins.trac.wordpress.org/browser/embed-swagger/trunk/swagger-iframe.php#L59
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0381
Products affected by CVE-2022-0381
-
cpe:2.3:a:embed_swagger_project:embed_swagger:-
-
cpe:2.3:a:embed_swagger_project:embed_swagger:1.0.0