PT-2020-6784 · Unknown · Beaver Builder

Zhouyuan Yang · Published 2020-06-05 · Updated 2022-09-13 · CVE-2022-2695

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Beaver Builder versions up to, and including, 2.5.5.2

Description

The issue arises from insufficient input sanitization and output escaping of the caption parameter when uploading media files through the Beaver Builder editor. This allows authenticated attackers to inject arbitrary web scripts into pages, which will execute when a user accesses the injected page. The vulnerability can be exploited by remote attackers to perform cross-site scripting attacks.

Recommendations

For versions up to, and including, 2.5.5.2, update to a version that addresses the insufficient input sanitization and output escaping of the caption parameter to prevent cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-06384
CVE-2022-2695

Affected Products

Beaver Builder