The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/b6ed4d64-ee98-41bd-a97a-8350c2a8a546 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-07-25T12:47:12
Updated: 2022-07-25T12:47:12
Reserved: 2022-06-23T00:00:00
Link: CVE-2022-2189
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-07-25T13:15:08.413
Modified: 2022-07-29T15:57:51.297
Link: CVE-2022-2189
JSON object: View
Redhat Information
No data.
CWE