5 matches found
CVE-2022-0641
The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the aysfbtab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0641
The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the aysfbtab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0641
The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the aysfbtab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0641 Popup Like box < 3.6.1 - Reflected Cross-Site Scripting
The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the aysfbtab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0641
The CVE-2022-0641 entry concerns the WordPress plugin Popup Like box (versions before 3.6.1). The issue is a Reflected Cross-Site Scripting vulnerability caused by the ays_fb_tab parameter not being sanitized/escaped before output in an admin page, enabling injected JavaScript if an attacker can ...