Lucene search
China National Vulnerability DatabaseCNVD-2022-62803HistoryFeb 21, 2022 - 12:00 a.m.
WordPress Cozmoslabs Profile Builder plugin cross-site scripting vulnerability
2022-02-2100:00:00
China National Vulnerability Database
www.cnvd.org.cn
15
wordpress
cozmoslabs profile builder
cross-site scripting
vulnerability
php
mysql
javascript
client side
EPSS
0.002
Percentile
58.8%
WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Cozmoslabs Profile Builder plugin 3.6.1 and earlier versions have a cross-site scripting vulnerability that originates in the ~/assets/misc/fallback-page.php file site_url parameter is not sufficiently escaped and cleaned up. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
Related
cvelist
cvelist
wpexploit
wpexploit
Profile Builder < 3.6.2 - Reflected Cross-Site Scripting
2022-02-17 00:00:00
patchstack
patchstack
wordfence
wordfence
nuclei
nuclei
Wordpress Profile Builder Plugin Cross-Site Scripting
2022-02-24 11:33:20
wpvulndb
wpvulndb
Profile Builder < 3.6.2 - Reflected Cross-Site Scripting
2022-02-17 00:00:00
nvd
nvd
CVE-2022-0653
2022-02-24 19:15:09
zdt
zdt
cve
cve
CVE-2022-0653
2022-02-24 19:15:09
prion
prion
Cross site scripting
2022-02-24 19:15:00