CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1910 – Shortcodes and extra features for Phlox theme < 2.9.8 - Reflected Cross-Site-Scripting
https://notcve.org/view.php?id=CVE-2022-1910
The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting El plugin Shortcodes and extra features for Phlox WordPress anterior a la versión 2.9.8 no sanea y escapa de un parámetro antes de devolverlo a la respuesta, lo que lleva a un Reflected Cross-Site Scripting The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting • https://wpscan.com/vulnerability/8afe1638-66fa-44c7-9d02-c81573193b47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •