admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-0201.md

20 lines
976 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-0201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0201)
![](https://img.shields.io/static/v1?label=Product&message=Permalink%20Manager%20Lite&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Permalink%20Manager%20Pro&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.2.15%3C%202.2.15%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)
### Description
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue
### POC
#### Reference
- https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
Reference in New Issue Copy Permalink