Lucene search
GemWPEX-ID:2011DC7B-8E8C-4190-AB34-DE288E14685BHistoryOct 28, 2022 - 12:00 a.m.
Spacer < 3.0.7 - Admin+ Stored XSS
2022-10-2800:00:00
gem
84
spacer
admin+
stored xss
settings
new spacer
space title
EPSS
0.001
Percentile
24.8%
The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
Add new Spacers and add payload "><h1 onclick=alert(document.domain)>Gem</h1> to Settings ยป Spacer ยป Add Spacers ยป New Spacer ยป Space Title and submit.Related
wpvulndb
wpvulndb
Spacer < 3.0.7 - Admin+ Stored XSS
2022-10-28 00:00:00
patchstack
patchstack
prion
prion
Cross site scripting
2022-11-21 11:15:00
cvelist
cvelist
CVE-2022-3618 Spacer < 3.0.7 - Admin+ Stored XSS
2022-11-21 00:00:00
cve
cve
CVE-2022-3618
2022-11-21 11:15:20
cnvd
cnvd
WordPress Spacer Cross-Site Scripting Vulnerability
2022-11-23 00:00:00
nvd
nvd
CVE-2022-3618
2022-11-21 11:15:20