Lucene search
PRIOn knowledge basePRION:CVE-2022-1756HistoryJun 13, 2022 - 1:15 p.m.
Cross site scripting
2022-06-1313:15:00
PRIOn knowledge base
www.prio-n.com
8
0.001 Low
EPSS
Percentile
38.0%
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER[βREQUEST_URIβ] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
| CPE | Name | Operator | Version |
|---|---|---|---|
| newsletter | lt | 7.4.5 |
Related
cvelist
cvelist
CVE-2022-1756 Newsletter < 7.4.5 - Reflected Cross-Site Scripting
2022-06-13 12:42:33
patchstack
patchstack
wpexploit
wpexploit
Newsletter < 7.4.5 - Reflected Cross-Site Scripting
2022-05-23 00:00:00
cnvd
cnvd
WordPress Newsletter pluginθ·¨η«θζ¬ζΌζ΄
2022-06-15 00:00:00
nvd
nvd
CVE-2022-1756
2022-06-13 13:15:11
wpvulndb
wpvulndb
Newsletter < 7.4.5 - Reflected Cross-Site Scripting
2022-05-23 00:00:00
jvn
jvn
nuclei
nuclei
Newsletter < 7.4.5 - Cross-Site Scripting
2023-08-17 07:49:11
openvas
openvas
WordPress Newsletter Plugin < 7.4.5 XSS Vulnerability
2022-06-21 00:00:00
cve
cve
CVE-2022-1756
2022-06-13 13:15:11