Lucene search
PRIOn knowledge basePRION:CVE-2022-2695HistorySep 06, 2022 - 6:15 p.m.
Cross site scripting
2022-09-0618:15:00
PRIOn knowledge base
www.prio-n.com
2
wordpress
xss
stored cross-site scripting
input sanitization
output escaping
beaver builder.
0.001 Low
EPSS
Percentile
23.0%
The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘caption’ parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the Beaver Builder editor and the ability to upload media files to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| beaver_builder | le | 2.5.5.2 |
Related
cvelist
cvelist
nvd
nvd
CVE-2022-2695
2022-09-06 18:15:14
patchstack
patchstack
wpvulndb
wpvulndb
Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Caption
2022-08-30 00:00:00
cve
cve
CVE-2022-2695
2022-09-06 18:15:14