CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-0422

The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue

Exploit prediction scoring system (EPSS) score

EPSS Score 0.113

EPSS Ranking 93.2%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://plugins.trac.wordpress.org/changeset/2672615
https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc
https://plugins.trac.wordpress.org/changeset/2672615
https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc

Products affected by CVE-2022-0422

Videousermanuals » White Label Cms » Version: N/A

cpe:2.3:a:videousermanuals:white_label_cms:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-0422

Products

Pricing

Contact Us