CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-1396

The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed

Exploit prediction scoring system (EPSS) score

EPSS Score 0.023

EPSS Ranking 84.0%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

Products affected by CVE-2022-1396

Donorbox » Donorbox » Version: N/A

cpe:2.3:a:donorbox:donorbox:-
Donorbox » Donorbox » Version: 1.0

cpe:2.3:a:donorbox:donorbox:1.0
Donorbox » Donorbox » Version: 1.1

cpe:2.3:a:donorbox:donorbox:1.1
Donorbox » Donorbox » Version: 1.2

cpe:2.3:a:donorbox:donorbox:1.2
Donorbox » Donorbox » Version: 2.0

cpe:2.3:a:donorbox:donorbox:2.0
Donorbox » Donorbox » Version: 3.0

cpe:2.3:a:donorbox:donorbox:3.0
Donorbox » Donorbox » Version: 4.0

cpe:2.3:a:donorbox:donorbox:4.0
Donorbox » Donorbox » Version: 5.0

cpe:2.3:a:donorbox:donorbox:5.0
Donorbox » Donorbox » Version: 6.0

cpe:2.3:a:donorbox:donorbox:6.0
Donorbox » Donorbox » Version: 6.1

cpe:2.3:a:donorbox:donorbox:6.1
Donorbox » Donorbox » Version: 6.2

cpe:2.3:a:donorbox:donorbox:6.2
Donorbox » Donorbox » Version: 7.0

cpe:2.3:a:donorbox:donorbox:7.0
Donorbox » Donorbox » Version: 7.1

cpe:2.3:a:donorbox:donorbox:7.1
Donorbox » Donorbox » Version: 7.1.1

cpe:2.3:a:donorbox:donorbox:7.1.1
Donorbox » Donorbox » Version: 7.1.2

cpe:2.3:a:donorbox:donorbox:7.1.2
Donorbox » Donorbox » Version: 7.1.3

cpe:2.3:a:donorbox:donorbox:7.1.3
Donorbox » Donorbox » Version: 7.1.4

cpe:2.3:a:donorbox:donorbox:7.1.4
Donorbox » Donorbox » Version: 7.1.5

cpe:2.3:a:donorbox:donorbox:7.1.5
Donorbox » Donorbox » Version: 7.1.6

cpe:2.3:a:donorbox:donorbox:7.1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-1396

Products

Pricing

Contact Us