5 matches found
CVE-2022-1644
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1644
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1644
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1644 Call&Book Mobile Bar <= 1.2.2 - Admin+ Stored Cross Site Scripting
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1644
CVE-2022-1644 affects the Call&Book Mobile Bar WordPress plugin up to version 1.2.2. The vulnerability stems from inadequate sanitization/escaping of certain settings, allowing a high-privilege user (e.g., admin) to perform stored XSS even when unfiltered_html is disallowed. Exploitation details ...