Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:19 a.m.11 views

CVE-2022-3137

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...

5.4CVSS5.9AI score0.00468EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/10/10 9:15 p.m.7 views

CVE-2022-3137

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...

5.4CVSS6AI score0.00468EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/10/10 12:0 a.m.46 views

CVE-2022-3137 TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...

5.5AI score0.00468EPSS
Exploits2References1
CVE
CVE
added 2022/10/10 12:0 a.m.58 views

CVE-2022-3137

CVE-2022-3137 concerns the WordPress Taskbuilder plugin prior to 1.0.8. The vulnerability allows any authenticated user (e.g., a subscriber) who creates a task to perform a Persistent/Stored Cross-Site Scripting by attaching a malicious SVG file, due to insufficient validation and sanitization of...

5.4CVSS5.2AI score0.00468EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder