CVE-2022-0314 Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting

2022-04-1114:40:43

CWE-79

WPScan

www.cve.org

0.001 Low

EPSS

Percentile

40.2%

JSON

The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

CNA Affected

[
  {
    "product": "Nimble Page Builder",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.2.2",
        "status": "affected",
        "version": "3.2.2",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/17585f16-c62c-422d-ad9c-9138b6da97b7

0.001 Low

EPSS

Percentile

40.2%

JSON

Related for CVELIST:CVE-2022-0314