5 matches found
CVE-2022-2190
The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2190 Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting
The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2190 Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting
The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2190
CVE-2022-2190 affects the WordPress Gallery Plugin (Envira Gallery Lite) versions prior to 1.8.4.7. The underlying issue is that the plugin does not escape the $_SERVER['REQUEST_URI'] value before outputting it into an HTML attribute, enabling Reflected Cross-Site Scripting in older browsers. Acc...
CVE-2022-2190
creationtimestamp| type| source ---|---|--- 2022-04-05 07:21:47+00:00| published-proof-of-concept| https://t.me/reconshell/1236 2022-04-09 07:39:13+00:00| published-proof-of-concept| Telegram/-6ODXgzzWCxBZpYl68OshWRdD8e5O8jb0SVarNqOSvRoOA0 2022-10-31 19:37:58+00:00| seen|...