Lucene search
+L

9 matches found

nvd
nvd
added 2022/06/13 1:15 p.m.22 views

CVE-2022-1336

The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

4.8CVSS0.00565EPSS
Exploits2References1
attackerkb
attackerkb
added 2022/06/13 1:15 p.m.7 views

CVE-2022-1336

The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

4.8CVSS5.5AI score0.00565EPSS
Exploits2References2
osv
osv
added 2022/06/13 1:15 p.m.5 views

CVE-2022-1336

The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.00565EPSS
Exploits2References1
prion
prion
added 2022/06/13 1:15 p.m.15 views

Cross site scripting

The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

3.5CVSS4.9AI score0.00565EPSS
Exploits2References1Affected Software1
cve
cve
added 2022/06/13 12:41 p.m.66 views

CVE-2022-1336

CVE-2022-1336 affects the Carousel CK WordPress plugin (versions ≤ 1.1.0). The issue is due to unsanitized/uncleaned Slide descriptions, allowing stored Cross-Site Scripting (XSS) when unfiltered_html is disallowed. Exploitation requires authenticated access (high-privilege users such as admin) a...

4.8CVSS4.9AI score0.00565EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2022/06/13 12:41 p.m.23 views

CVE-2022-1336 Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

5.2AI score0.00565EPSS
Exploits2References1
wpvulndb
wpvulndb
added 2022/05/18 12:0 a.m.15 views

Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Create/edit a Carousel, add a Slide and put the following payload in the Description The XSS will be...

4.8CVSS2.2AI score0.00565EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.129 views

Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Create/edit a Carousel, add a Slide and put the following payload in the Description The XSS will be...

4.8CVSS1AI score0.00565EPSS
Exploits2
patchstack
patchstack
added 2022/05/18 12:0 a.m.15 views

WordPress Carousel CK plugin <= 1.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Carousel CK plugin versions = 1.1.0. Solution Deactivate and delete. This plugin has been closed as of May 16, 2022 and is not available for download. This closure is temporary, pending a full revi...

4.8CVSS2.2AI score0.00565EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder