Lucene search
Krzysztof ZającWPVDB-ID:429BE4EB-8A6B-4531-9465-9EF0D35C12CCHistoryFeb 07, 2022 - 12:00 a.m.
White Label MS < 2.2.9 - Reflected Cross-Site Scripting
2022-02-0700:00:00
Krzysztof Zając
wpscan.com
9
white label ms
plugin
reflected cross-site scripting
sanitize
validate
parameter
xss
EPSS
0.001
Percentile
41.5%
The plugin does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue
PoC
In v < 2.2.8, both unauthenticated and authenticated users can be attacked with it. In 2.2.8, it will only trigger against authenticated user
Related
cve
cve
CVE-2022-0422
2022-03-07 09:15:09
nvd
nvd
CVE-2022-0422
2022-03-07 09:15:09
cnvd
cnvd
WordPress White Label CMS Plugin Cross-Site Scripting Vulnerability
2022-03-09 00:00:00
prion
prion
Cross site scripting
2022-03-07 09:15:00
nuclei
nuclei
WordPress White Label CMS <2.2.9 - Cross-Site Scripting
2022-04-29 06:39:46
openvas
openvas
WordPress White Label CMS Plugin < 2.2.9 XSS Vulnerability
2022-03-22 00:00:00
wpexploit
wpexploit
White Label MS < 2.2.9 - Reflected Cross-Site Scripting
2022-02-07 00:00:00
cvelist
cvelist
CVE-2022-0422 White Label MS < 2.2.9 - Reflected Cross-Site Scripting
2022-03-07 08:16:34