CVE-2022-1995 miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting

2022-06-2708:59:22

CWE-79

WPScan

www.cve.org

0.001 Low

EPSS

Percentile

24.9%

JSON

The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)

CNA Affected

[
  {
    "product": "Malware Scanner",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "4.5.2",
        "status": "affected",
        "version": "4.5.2",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/62fb399d-3327-45d0-b10f-769d2d164903

0.001 Low

EPSS

Percentile

24.9%

JSON

Related for CVELIST:CVE-2022-1995