Cross-site Scripting (XSS)

2023-02-0910:12:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

wikiseo

vulnerability

meta property tag handler

html elements

javascript injection

0.002 Low

EPSS

Percentile

54.6%

JSON

tinymighty/wiki-seo is vulnerable to Cross-Site Scripting (XSS). The vulnerability exist in the Meta Property Tag Handler parameter of WikiSEO.body.php due to the lack of validation in the html elements when adding a user which allows an attacker to inject and execute malicious JavaScript.

CPENameOperatorVersion
tinymighty/wiki-seole1.2.1
tinymighty/wiki-seole1.2.1

CPE	Name	Operator	Version
	tinymighty/wiki-seo	le	1.2.1
	tinymighty/wiki-seo	le	1.2.1

References

github.com/advisories/GHSA-84mm-prjg-49xm

github.com/tinymighty/wiki-seo/commit/089a5797be612b18a820f9f1e6593ad9a91b1dba

github.com/tinymighty/wiki-seo/pull/21

github.com/tinymighty/wiki-seo/releases/tag/1.2.2

vuldb.com/?ctiid.220215

vuldb.com/?id.220215

0.002 Low

EPSS

Percentile

54.6%

JSON

Related for VERACODE:39181