wpexploit, Niraj Mahajan, WPEX-ID:62FB399D-3327-45D0-B10F-769D2D164903
Jun 06, 2022 - 12:00 a.m.

miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting

miniorange malware scanner
stored cross-site scripting
admin+
advanced blocking
block http referer's
add referer
exploit

EPSS: 0.001 (percentile: 24.8%)

The plugin does not sanitise and escape some of its settings, allowing users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks even when unfiltered_html is disallowed (for example in a multisite setup).

Put the following payload in the "Advanced Blocking" tab > "Block HTTP Referer's" section > "Add Referer" field: "><img src=x onerror=alert(/XSS/)>
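
The fix pattern for this class of bug, as an added example that is not the plugin's code or the vendor's patch: sanitise the setting when it is saved and escape it for its HTML context when it is rendered. The option key, nonce action and function names are hypothetical, and the example assumes the stored referer is echoed into an HTML attribute on the settings page.

```php
<?php
// Added example: hypothetical option key and handlers, not the plugin's code.
const DEMO_REFERER_OPTION = 'demo_blocked_referers'; // assumed option key

// Save handler: check capability and nonce, then sanitise before storing.
function demo_save_blocked_referer() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'demo_add_referer' ); // assumed nonce action

    $raw = isset( $_POST['referer'] ) ? wp_unslash( $_POST['referer'] ) : '';
    // sanitize_text_field() strips tags and control characters. A referer is
    // a host or URL, so also reject anything outside a narrow allowlist.
    $referer = sanitize_text_field( $raw );
    if ( '' === $referer || ! preg_match( '~^[A-Za-z0-9.:/_-]+$~', $referer ) ) {
        add_settings_error( 'demo_referers', 'bad_referer', 'Invalid referer value.' );
        return;
    }

    $list   = (array) get_option( DEMO_REFERER_OPTION, array() );
    $list[] = $referer;
    update_option( DEMO_REFERER_OPTION, array_values( array_unique( $list ) ) );
}

// Vulnerable rendering pattern (what missing output escaping looks like):
//   echo '<input type="text" value="' . $referer . '">';
// A stored value containing a double quote closes the attribute early, so
// markup after it is parsed as HTML for every admin who opens the page.

// Hardened rendering: escape per context at output time, even for stored data
// that was sanitised on save (older rows may predate the save-side check).
function demo_render_blocked_referers() {
    $list = (array) get_option( DEMO_REFERER_OPTION, array() );
    echo '<ul>';
    foreach ( $list as $referer ) {
        printf(
            '<li><input type="text" readonly value="%s"> <code>%s</code></li>',
            esc_attr( $referer ), // attribute context
            esc_html( $referer )  // element-text context
        );
    }
    echo '</ul>';
}
```

Output escaping is the control that matters for values already stored by a vulnerable version; the save-side check only protects new entries.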
