CVE-2022-1303

The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:slide_anything_project:slide_anything:*:*:*:*:*:wordpress:*:*

History

16 May 2022, 15:33

Type Values Removed Values Added
First Time Slide Anything Project slide Anything
Slide Anything Project
CPE cpe:2.3:a:slide_anything_project:slide_anything:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 4.8
References (MISC) https://wpscan.com/vulnerability/590b446d-f8bc-49b0-93e7-2a6f2e6f62f1 - (MISC) https://wpscan.com/vulnerability/590b446d-f8bc-49b0-93e7-2a6f2e6f62f1 - Exploit, Third Party Advisory

09 May 2022, 17:23

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-09 17:15

Updated : 2022-05-16 15:33


NVD link : CVE-2022-1303

Mitre link : CVE-2022-1303


JSON object : View

Products Affected

slide_anything_project

  • slide_anything
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')