admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 01:31:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-23988.md

21 lines
1.0 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-23988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23988)
![](https://img.shields.io/static/v1?label=Product&message=WS%20Form%20LITE%20%E2%80%93%20Drag%20%26%20Drop%20Contact%20Form%20Builder%20for%20WordPress&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WS%20Form%20Pro&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.8.176%3C%201.8.176%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)
### Description
The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission
### POC
#### Reference
- https://wpscan.com/vulnerability/9d5738f9-9a2e-4878-8a03-745894420bf6
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/simonepetruzzi/WebSecurityProject
Reference in New Issue Copy Permalink