1 results (0.002 seconds)
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1
CVE-2022-1216 – Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1216
The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. versiones hasta 1.2 no sanea y escapa de la variable PHP_SELF antes de devolverla a un atributo en una página de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/31a5b138-3d9e-4cd6-b85c-d20406ab51bd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •