CVE-2022-1091

Published: 18 Apr 2022 18:09:15
Reported by: WPScan
Type: cve
Source: web.nvd.nist.gov

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but, depending on further use of uploaded SVG files, potentially other XML attacks).

Affected

Node: 10up safe_svg, Range <1.9.10, wordpress
[
  {
    "product": "Safe SVG",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.9.10",
        "status": "affected",
        "version": "1.9.10",
        "versionType": "custom"
      }
    ]
  }
]

18 Apr 2022 18:15 (Current)
Vulners AI Score: 6 (Medium risk)
CVSS2: 4.3
CVSS3: 6.1
EPSS: 0.001