Cross site scripting

2022-04-2516:16:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

24.8%

JSON

The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting

CPENameOperatorVersion
menubarlt5.8

CPE	Name	Operator	Version
	menubar	lt	5.8

References

wpscan.com/vulnerability/1c55fda9-e938-4267-be77-a6d73ee46af3

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for PRION:CVE-2022-1152