CVE-2022-1894: Cross-site Scripting in Popup Builder

Severity: 4.8 MEDIUM (NVD)
EPSS: 0.3% (top 48.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 11, latest update Jul 12

Description

The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages (1 package)

NVD: sygnoos/popup_builder < 4.1.11

Vulnerability Details (2)

GHSA: GHSA-f7v6-8cx8-mqp8: The Popup Builder WordPress plugin before 4 (2022-07-12)
CVEList: Popup Builder < 4.1.11 - Admin+ Stored Cross-Site Scripting (2022-07-11)