CVE-2022-1275

🗓️ 30 May 2022 08:35:40Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 71 Views🌐 WEB

The BannerMan WordPress plugin through 0.2.4 allows XSS attacks

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2022-1275	30 May 202209:15	–	attackerkb
CNNVD	WordPress plugin BannerMan 跨站脚本漏洞	30 May 202200:00	–	cnnvd
CNVD	WordPress BannerMan plugin跨站脚本漏洞	1 Jun 202200:00	–	cnvd
Cvelist	CVE-2022-1275 BannerMan <= 0.2.4 - Multiple Admin+ Stored Cross-Site Scripting	30 May 202208:35	–	cvelist
EUVD	EUVD-2022-24607	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1275	30 May 202209:15	–	nvd
Patchstack	WordPress BannerMan plugin <= 0.2.4 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities	10 May 202200:00	–	patchstack
Prion	Cross site scripting	30 May 202209:15	–	prion
RedhatCVE	CVE-2022-1275	22 May 202523:30	–	redhatcve
wpexploit	BannerMan <= 0.2.4 - Multiple Admin+ Stored Cross-Site Scripting	9 May 202200:00	–	wpexploit

NVD

Vulners

Node

stillbreathing bannermanRange≤0.2.4wordpress

[
  {
    "product": "BannerMan",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "0.2.4",
        "status": "affected",
        "version": "0.2.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/bc2e5be3-cd2b-4ee9-8d7a-cabce46b7092

Parameter	Position	Path	Description	CWE
Style your banner with CSS	request body	/wp-admin/options-general.php?page=bannerman	Unsanitized plugin settings allow XSS via stored payloads in plugin settings.	CWE-79
Background colour	request body	/wp-admin/options-general.php?page=bannerman	Unsanitized plugin settings allow XSS via stored payloads in plugin settings.	CWE-79

21 Nov 2024 06:40Current

4.9Medium risk

Vulners AI Score4.9

CVSS 23.5

CVSS 3.14.8

EPSS0.00206

CWE-79