CVE-2022-0892

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.2%
top 56.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Export ALL UrlsAtlasgondal Export ALL Urls
Timeline
PublishedApr 11
Latest updateApr 12

Description

The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/export_all_urls4.24.2

🔴Vulnerability Details

2
GHSA
GHSA-j8w2-v2j7-ff9g: The Export All URLs WordPress plugin before 42022-04-12
CVEList
Export All URLs < 4.2 - Reflected Cross-Site Scripting2022-04-11
CVE-2022-0892 (MEDIUM CVSS 6.1) | The Export All URLs WordPress plugi | cvebase.io