admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-30 02:00:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-1321.md

19 lines
1.1 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-1321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1321)
![](https://img.shields.io/static/v1?label=Product&message=miniOrange's%20Google%20Authenticator%20%E2%80%93%20WordPress%20Two%20Factor%20Authentication%20(2FA%20%2C%20Two%20Factor%2C%20OTP%20SMS%20and%20Email)%20%7C%20Passwordless%20login&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.5.6%3C%205.5.6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)
### Description
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
### POC
#### Reference
- https://wpscan.com/vulnerability/b8784995-0deb-4c83-959f-52b37881e05c
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- https://wpscan.com/vulnerability/b8784995-0deb-4c83-959f-52b37881e05c
Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
#### Github
- https://github.com/ARPSyndicate/cvemon
Reference in New Issue Copy Permalink