Lucene search
WpvulndbWPVDB-ID:D63FEDBD-2F5B-4701-BD18-C8E760B4815DHistoryAug 29, 2022 - 12:00 a.m.
Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Image URL
2022-08-2900:00:00
wpscan.com
7
beaver builder
authenticated
stored xss
image url
media block
cross-site scripting
attacks
0.001 Low
EPSS
Percentile
23.0%
The plugin does not sanitise and escape the Image URL field of the Media block, which could allow users with access to the plugin’s editor to perform Cross-Site Scripting attacks
| CPE | Name | Operator | Version |
|---|---|---|---|
| beaver-builder-lite-version | lt | 2.5.5.3 |
Related
nvd
nvd
CVE-2022-2934
2022-09-06 18:15:14
cve
cve
CVE-2022-2934
2022-09-06 18:15:14
cvelist
cvelist
prion
prion
Cross site scripting
2022-09-06 18:15:00
patchstack
patchstack