CVE-2022-0381 – Embed Swagger <= 1.0.0 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0381
The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0. El plugin Embed Swagger de WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado debido a un escape/saneo y comprobación insuficientes por medio del parámetro url encontrado en el archivo ~/swagger-iframe.php que permite a atacantes inyectar scripts web arbitrarios en la página, en versiones hasta la 1.0.0 incluyéndola • https://gist.github.com/Xib3rR4dAr/4b3ea7960914e23c3a875b973a5b37a3 https://plugins.trac.wordpress.org/browser/embed-swagger/trunk/swagger-iframe.php#L59 https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0381 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •