Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2023/02/21 8:51 a.m.4 views

CVE-2022-4666 Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode

The Markup JSON-LD structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Sit...

5.8AI score0.00471EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/02/21 8:51 a.m.34 views

CVE-2022-4666 Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode

The Markup JSON-LD structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Sit...

5.5AI score0.00471EPSS
Exploits2References1
CVE
CVE
added 2023/02/21 8:51 a.m.74 views

CVE-2022-4666

CVE-2022-4666 affects the WordPress plugin Markup (JSON-LD) structured in schema.org up to version 4.8.1. The issue is unvalidated/unescaped shortcode attributes that can lead to Stored XSS when embedded in pages/posts by users with contributor role or higher. The connected documents confirm the ...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/02/21 12:0 a.m.17 views

WordPress Markup (JSON-LD) structured in schema.org Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Markup JSON-LD structured in schema.org Type Plugin Vulnerable versions = 4.8.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4666 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f683250d0657...

5.4CVSS5.9AI score0.00471EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder