CVE-2022-3853 – Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via CSRF
https://notcve.org/view.php?id=CVE-2022-3853
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. Cross-site Scripting (XSS) es un ataque de inyección de código del lado del cliente. El atacante tiene como objetivo ejecutar scripts maliciosos en un navegador web de la víctima incluyendo código malicioso en una página web o aplicación web legítima. The Supra CSV plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.3. • https://wpscan.com/vulnerability/c2bc7d23-5bfd-481c-b42b-da7ee80d9514 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •