2 matches found
CVE-2022-2189 WP Video Lightbox < 1.9.5 - Reflected Cross-Site Scripting
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2189
The vulnerability CVE-2022-2189 affects the WordPress plugin WP Video Lightbox prior to version 1.9.5. Root cause: the plugin does not escape the $_SERVER['REQUEST_URI'] parameter before echoing it into an HTML attribute, enabling Reflected Cross-Site Scripting in certain contexts, including olde...