wpvulndb WPVDB-ID: 42F06AB1-E775-40C6-BFB3-8059B46B4821
History: Aug 02, 2022 - 12:00 a.m.

Banner Cycler <= 1.4 - Stored Cross-Site Scripting via CSRF

2022-08-02 00:00:00
Source: wpscan.com
5
Tags: banner cycler, stored xss, csrf, cross-site scripting, sanitisation, escaping, admin

EPSS: 0.001 (Low)
EPSS Percentile: 50.5%

The plugin does not have a CSRF check when saving its slide settings, and some of those settings are also neither sanitised nor escaped. This could allow an attacker to make a logged-in admin change them via a CSRF attack and inject Cross-Site Scripting payloads into them.

CPE Name      | Operator | Version
banner-cycler | eq       | *

