CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28221 – CleanTalk AntiSpam <= 5.173 Reflected XSS
https://notcve.org/view.php?id=CVE-2022-28221
The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php` El plugin CleanTalk AntiSpam versiones anteriores a 5.173 incluyéndola para WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado (XSS) por medio del parámetro $_REQUEST["page"] en "/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php" The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter found in the /lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php file. WordPress CleanTalk plugin versions 5.173 and below suffer from multiple cross site scripting vulnerabilities. • https://www.wordfence.com/blog/2022/03/reflected-xss-in-spam-protection-antispam-firewall-by-cleantalk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28222 – CleanTalk AntiSpam <= 5.173 Reflected XSS
https://notcve.org/view.php?id=CVE-2022-28222
The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php` El plugin CleanTalk AntiSpam versiones anteriores a 5.173 incluyéndola para WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado (XSS) por medio del parámetro $_REQUEST["page"] en "/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php" The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in the /lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php file. WordPress CleanTalk plugin versions 5.173 and below suffer from multiple cross site scripting vulnerabilities. • https://www.wordfence.com/blog/2022/03/reflected-xss-in-spam-protection-antispam-firewall-by-cleantalk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •