WPEX-ID:99059337-C3CD-4E91-9A03-DF32A05B719C (wpexploit, Wpvulndb)
Mar 30, 2022 - 12:00 a.m.

Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting

2022-03-30 00:00:00
clipr plugin
stored xss
api key settings
frontend pages

EPSS: 0.001 (percentile: 36.0%)

The plugin does not sanitise and escape its API Key setting before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed.

Put the following payload in the API Key settings of the plugin: '></script><script>alert(/XSS/)</script>

The XSS will be triggered when viewing the settings again, as well as on all frontend pages.
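The sink described above, as an added PHP example (not the plugin's code): a stored value written into a single-quoted attribute, next to an output-escaped and an input-validated version. The markup, URL, function names and accepted key format are assumptions made for illustration; inside WordPress the output escaper for this context is esc_attr(), for which htmlspecialchars() stands in here so the script runs without WordPress.

```php
<?php
// Hypothetical markup and helper names; not taken from the Clipr plugin.

// Vulnerable pattern: the stored setting is concatenated into a quoted attribute.
function render_unescaped(string $apiKey): string {
    return "<script src='https://cdn.example.invalid/w.js' data-key='" . $apiKey . "'></script>";
}

// Output-side fix: encode for the attribute context, covering both quote styles.
function render_escaped(string $apiKey): string {
    $safe = htmlspecialchars($apiKey, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<script src='https://cdn.example.invalid/w.js' data-key='" . $safe . "'></script>";
}

// Input-side fix: store only values matching the shape a key is assumed to have.
function clean_api_key(string $raw): string {
    $raw = trim($raw);
    return preg_match('/\A[A-Za-z0-9_-]{1,128}\z/', $raw) === 1 ? $raw : '';
}

// Crude check: how many <script> start tags the rendered markup contains.
// One is the template's own tag; anything above one came from the setting.
function script_count(string $html): int {
    return (int) preg_match_all('/<script\b/i', $html);
}

// Value quoted in the advisory, plus a constructed well-formed key.
$stored = "'></script><script>alert(/XSS/)</script>";
$valid  = "abc123_DEF-456";

$cases = [
    'unescaped output'       => render_unescaped($stored),
    'escaped output'         => render_escaped($stored),
    'validated, then output' => render_escaped(clean_api_key($stored)),
    'valid key, escaped'     => render_escaped(clean_api_key($valid)),
];

foreach ($cases as $label => $html) {
    printf("%-24s script tags: %d\n  %s\n", $label, script_count($html), $html);
}
```

Validation on save and escaping on output are independent layers: escaping alone already keeps the value inside the attribute, and validation keeps malformed values out of the database and out of any other template that prints the setting.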

