PT-2022-13141 · WordPress · Embed Swagger

Muhammad Zeeshan

Published

2022-02-04

Updated

2022-02-10

CVE-2022-0381

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Embed Swagger WordPress plugin version 1.0.0 and earlier

Description The issue arises from insufficient escaping, sanitization, and validation of the url parameter in the ~/swagger-iframe.php file, allowing attackers to inject arbitrary web scripts onto the page via Reflected Cross-Site Scripting.

Recommendations For Embed Swagger WordPress plugin version 1.0.0 and earlier, update to a version that addresses the insufficient escaping and sanitization of the url parameter to prevent Reflected Cross-Site Scripting attacks.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-0381

Affected Products

Embed Swagger

PT-2022-13141 · WordPress · Embed Swagger

CVE-2022-0381

Weakness Enumeration

Related Identifiers

Affected Products

References · 5