Lucene search
WpvulndbWPEX-ID:FB43B9C3-CC9D-44AE-AD37-9925E9879C8FHistoryJan 26, 2022 - 12:00 a.m.
Embed Swagger <= 1.0.0 - Reflected Cross-Site Scripting
2022-01-2600:00:00
wpvulndb
65
0.002 Low
EPSS
Percentile
60.0%
The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0.
https://example.com/wp-content/plugins/embed-swagger/swagger-iframe.php?url=https://wpscan.com?a="-alert(`XSS`)-"Related
nvd
nvd
CVE-2022-0381
2022-02-04 23:15:12
cve
cve
CVE-2022-0381
2022-02-04 23:15:12
wpvulndb
wpvulndb
Embed Swagger <= 1.0.0 - Reflected Cross-Site Scripting
2022-01-26 00:00:00
cvelist
cvelist
CVE-2022-0381 Embed Swagger <= 1.0.0 Reflected Cross-Site Scripting
2022-02-04 22:29:25
prion
prion
Cross site scripting
2022-02-04 23:15:00
nuclei
nuclei
WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting
2022-03-07 18:19:41
patchstack
patchstack