Lucene search
WPScanCVELIST:CVE-2022-1153HistoryApr 25, 2022 - 3:51 p.m.
CVE-2022-1153 LayerSlider < 7.1.2 - Admin+ Stored Cross-Site Scripting
2022-04-2515:51:19
CWE-79
WPScan
www.cve.org
6
layerslider
wordpress
cve-2022-1153
cross-site scripting
admin
unfiltered html
sanitise
EPSS
0.001
Percentile
24.8%
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project’s slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
CNA Affected
[
{
"product": "LayerSlider",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.1.2",
"status": "affected",
"version": "7.1.2",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-1153
2022-04-25 16:16:08
nvd
nvd
CVE-2022-1153
2022-04-25 16:16:08
zdt
zdt
WordPress LayerSlider 7.1.2 Cross Site Scripting Vulnerability
2022-04-12 00:00:00
wpvulndb
wpvulndb
LayerSlider < 7.1.2 - Admin+ Stored Cross-Site Scripting
2022-03-29 00:00:00
cnvd
cnvd
WordPress plugin LayerSlider跨站脚本漏洞
2022-05-09 00:00:00
wpexploit
wpexploit
LayerSlider < 7.1.2 - Admin+ Stored Cross-Site Scripting
2022-03-29 00:00:00
prion
prion
Cross site scripting
2022-04-25 16:16:00
patchstack
patchstack
packetstorm
packetstorm
WordPress LayerSlider Cross Site Scripting
2022-04-11 00:00:00