PT-2022-7040 · Unknown · Permalink Manager Lite+1

Krzysztof Zając

Published

2022-01-12

Updated

2022-02-19

CVE-2022-0201

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Permalink Manager Lite versions prior to 2.2.15 Permalink Manager Pro versions prior to 2.2.15

Description The issue is related to the failure to protect the web page structure when handling query parameters, which can lead to reflected cross-site scripting attacks. This allows a remote attacker to conduct inter-site script attacks.

Recommendations For Permalink Manager Lite versions prior to 2.2.15, update to version 2.2.15 or later. For Permalink Manager Pro versions prior to 2.2.15, update to version 2.2.15 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2023-07209

CVE-2022-0201

Affected Products

Permalink Manager Lite

Permalink Manager Pro

PT-2022-7040 · Unknown · Permalink Manager Lite+1

CVE-2022-0201

Weakness Enumeration

Related Identifiers

Affected Products

References · 7