Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-3062 — Cross-site Scripting in Simple-file-list

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

48.7%

top 2.24%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Simplefilelist Simple-file-list

Timeline

PublishedSep 26

Latest updateSep 27

Description

The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDsimplefilelist/simple-file-list< 4.4.12

Patches

Patch: wpscan.com ↗Patch: wpscan.com ↗

🔴Vulnerability Details

GHSA

GHSA-87x2-4xvf-5x6q: The Simple File List WordPress plugin before 4↗2022-09-27

▶

CVEList

Simple File List < 4.4.12 - Reflected Cross-Site Scripting↗2022-09-26

▶

💥Exploits & PoCs

Nuclei

Simple File List < 4.4.12 - Cross Site Scripting

▶