daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated CVE annotations [Thu Oct 20 08:20:28 UTC 2022] 🤖

patch-1
GitHub Action 2022-10-20 08:20:28 +00:00
parent bca37c6024
commit ba242bdd0e
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cves/2022/CVE-2022-28290.yaml
View File

@ -6,12 +6,16 @@ info:
severity: medium severity: medium
description: | description: |
The plugin does not sanitise and escape the country and lang parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting. The plugin does not sanitise and escape the country and lang parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting.
classification:
cve-id: CVE-2022-28290
reference: reference:
- https://wpscan.com/vulnerability/6c5a4bce-6266-4cfc-bc87-4fc3e36cb479 - https://wpscan.com/vulnerability/6c5a4bce-6266-4cfc-bc87-4fc3e36cb479
- https://nvd.nist.gov/vuln/detail/CVE-2022-28290 - https://nvd.nist.gov/vuln/detail/CVE-2022-28290
tags: cve,cve2022,wp,wordpress,wp-plugin,xss,wordpress-country-selector - https://cybersecurityworks.com/zerodays/cve-2022-28290-reflected-cross-site-scripting-in-welaunch.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-28290
cwe-id: CWE-79
tags: wordpress-country-selector,wpscan,cve,cve2022,wp,wordpress,wp-plugin,xss
requests: requests:
- raw: - raw: