6 matches found
WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting
The WordPress Download Manager plugin before version 3.2.44 does not properly sanitize and escape the userids parameter in the stats history dashboard. This allows authenticated attackers to perform Cross-Site Scripting attacks by injecting malicious JavaScript code. id: CVE-2022-2168 info: name:...
CVE-2022-2168
The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting...
CVE-2022-2168
creationtimestamp| type| source ---|---|--- 2022-07-17 14:27:41+00:00| seen| https://t.me/cibsecurity/46384 2025-04-06 08:48:29+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-2168.yaml...
CVE-2022-2168
The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting...
CVE-2022-2168 Download Manager < 3.2.44 - Reflected Cross-Site Scripting
The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting...
CVE-2022-2168
The CVE-2022-2168 issue affects the WordPress Download Manager plugin, specifically versions prior to 3.2.44. The vulnerability is a Cross-Site Scripting (XSS) flaw in the stats/history dashboard where a generated URL/user_ids value is not properly sanitized/escaped before output, allowing authen...