CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1776 – Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1776
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks El plugin Popups, Welcome Bar, Optins and Lead Generation de WordPress versiones anteriores a 2.1.8, no sanea ni escapa de algunos parámetros de la campaña, lo que podría permitir a usuarios con un rol tan bajo como el de colaborador llevar a cabo ataques de tipo Cross-Site Scripting Almacenado • https://wpscan.com/vulnerability/46ed56db-9b9d-4390-80fc-343a01fcc3c9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •