4 matches found
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
CVE-2022-1896
The CVE-2022-1896 entry concerns the WordPress underConstruction plugin pre-1.21. The vulnerability arises because the setting “Display a custom page using your own HTML” is not sanitized/escaped before output, allowing stored Cross-Site Scripting by high-privilege users even when unfiltered_html...
CVE-2022-1896 underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...