3 matches found
CVE-2022-1216
The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHPSELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...
CVE-2022-1216 Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting
The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHPSELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...
CVE-2022-1216
The CVE-2022-1216 entry applies to the WordPress plugin Advanced Image Sitemap (versions up to 1.2). The authenticated admin-facing page outputs PHP_SELF without proper sanitisation/escaping, enabling Reflected Cross-Site Scripting via an attribute value in an admin page. The issue is documented ...