CVE-2022-2351: Cross-site Scripting in Post Smtp

Severity: 4.8 MEDIUM (NVD)
EPSS: 0.4% (top 41.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 16; latest update Oct 15

Description

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admin dashboard, allowing high-privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages (1 package)

NVD: wpexperts/post_smtp < 2.1.4

🔴 Vulnerability Details (2)

GHSA: GHSA-j93m-q6xh-qq49: The Post SMTP Mailer/Email Log WordPress plugin before 2 (2022-09-17)
CVEList: Post SMTP < 2.1.4 - Admin+ Stored Cross-Site Scripting (2022-09-16)

📋 Vendor Advisories (4)

Oracle: Oracle Communications Risk Matrix: Security (OJDBC) — CVE-2021-2351 (2022-10-15)
Oracle: Oracle TimesTen In-Memory Database Risk Matrix: Oracle TimesTen In-Memory Database Cache — CVE-2021-2351 (2022-07-15)
Oracle: Oracle Blockchain Platform Risk Matrix: BCS Console (JDBC, OCCI) — CVE-2021-2351 (2022-04-15)
Oracle: Oracle Airlines Data Model Risk Matrix: Installation (JDBC) — CVE-2021-2351 (2022-01-15)