1 results (0.002 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1217 – Custom TinyMCE Shortcode Button <= 1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1217
The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting. El plugin Custom TinyMCE Shortcode Button de WordPress versiones hasta 1.1, no sanea ni escapa de la variable PHP_SELF antes de devolverla a un atributo en una página de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/15875f52-7a49-44c7-8a36-b49ddf37c20c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •