Lucene search
ZhangyunpeiWPEX-ID:BA372400-96F7-45A9-9E89-5984ECC4D1E2HistoryDec 07, 2022 - 12:00 a.m.
WP Social Sharing <= 2.2 - Admin+ Stored XSS
2022-12-0700:00:00
zhangyunpei
178
stored xss
admin
settings
default share image
plugin
0.001 Low
EPSS
Percentile
23.5%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
1. Go to Settings ยป WP Social Sharing page of the plugin, enter the following payload into the input box named 'Default share image': x" onerror="alert(/XSS/)"
2. Click 'Save Changes' and refresh the page to see the XSS popup.Related
cve
cve
CVE-2022-4198
2023-01-02 22:15:16
prion
prion
Cross site scripting
2023-01-02 22:15:00
wpvulndb
wpvulndb
WP Social Sharing <= 2.2 - Admin+ Stored XSS
2022-12-07 00:00:00
nvd
nvd
CVE-2022-4198
2023-01-02 22:15:16
cvelist
cvelist
CVE-2022-4198 WP Social Sharing <= 2.2 - Admin+ Stored XSS
2023-01-02 21:49:15
fedora
fedora
[SECURITY] Fedora 36 Update: OpenImageIO-2.3.21.0-1.fc36
2022-12-31 01:17:01
openvas
openvas
Fedora: Security Advisory for OpenImageIO (FEDORA-2022-e63bc3eca2)
2022-12-31 00:00:00
nessus
nessus
Fedora 36 : OpenImageIO (2022-e63bc3eca2)
2022-12-31 00:00:00
GLSA-202305-33 : OpenImageIO: Multiple Vulnerabilities
2023-05-30 00:00:00
gentoo
gentoo
OpenImageIO: Multiple Vulnerabilities
2023-05-30 00:00:00