Lucene search
Felipe Tapia SasotWPVDB-ID:3CC1BB3C-E124-43D3-BC84-A493561A1387HistoryFeb 16, 2022 - 12:00 a.m.
Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting
2022-02-1600:00:00
Felipe Tapia Sasot
wpscan.com
8
0.001 Low
EPSS
Percentile
40.2%
The plugin does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting
PoC
Open the following URL when authenticated (as any user): https://example.com/user-dashboard/?search=keyword:
Related
patchstack
patchstack
nvd
nvd
CVE-2022-0449
2022-03-14 15:15:09
prion
prion
Cross site scripting
2022-03-14 15:15:00
cve
cve
CVE-2022-0449
2022-03-14 15:15:09
wpexploit
wpexploit
Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting
2022-02-16 00:00:00
cvelist
cvelist
CVE-2022-0449 Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting
2022-03-14 14:41:32