Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:32 p.m.9 views

CVE-2022-1756

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...

6.1CVSS5.8AI score0.01785EPSS
Exploits2References1
NVD
NVD
added 2022/06/13 1:15 p.m.23 views

CVE-2022-1756

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...

6.1CVSS0.01785EPSS
Exploits2References1
CVE
CVE
added 2022/06/13 12:42 p.m.117 views

CVE-2022-1756

The Newsletter WordPress plugin before 7.4.5 is affected by a Reflected XSS vulnerability: it fails to sanitize/escape $_SERVER['REQUEST_URI'] when echoing data on admin pages. This can allow injection of malicious scripts in certain requests, with impact limited to client-side script execution i...

6.1CVSS5.9AI score0.01785EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/06/13 12:42 p.m.25 views

CVE-2022-1756 Newsletter < 7.4.5 - Reflected Cross-Site Scripting

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $SERVER'REQUESTURI' before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as...

6.1AI score0.01785EPSS
Exploits2References1
Rows per page
Query Builder