Auto Generated CVE annotations [Mon May 30 09:21:28 UTC 2022] 🤖
parent
002c617ff3
commit
afc98f9d71
|
@ -3,17 +3,20 @@ id: CVE-2022-0346
|
|||
info:
|
||||
name: Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting & RCE
|
||||
author: Akincibor
|
||||
severity: high
|
||||
severity: medium
|
||||
description: |
|
||||
The plugin does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.
|
||||
classification:
|
||||
cve-id: CVE-2022-0346
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/4b339390-d71a-44e0-8682-51a12bd2bfe6
|
||||
- https://wordpress.org/plugins/www-xml-sitemap-generator-org/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0346
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-0346
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: true
|
||||
verified: "true"
|
||||
tags: xss,wp,wordpress,wp-plugin,cve,cve2022
|
||||
|
||||
requests:
|
||||
|
|
Loading…
Reference in New Issue