4 matches found
CVE-2022-1756
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...
CVE-2022-1756
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...
CVE-2022-1756
The Newsletter WordPress plugin before 7.4.5 is affected by a Reflected XSS vulnerability: it fails to sanitize/escape $_SERVER['REQUEST_URI'] when echoing data on admin pages. This can allow injection of malicious scripts in certain requests, with impact limited to client-side script execution i...
CVE-2022-1756 Newsletter < 7.4.5 - Reflected Cross-Site Scripting
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...