PT-2026-39475 · WordPress · Blog Posts Grid

Published: 2026-05-10 · Updated: 2026-05-10 · CVE-2022-50946

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Netroics Blog Posts Grid version 1.0

Description

A stored cross-site scripting issue exists where authenticated editors can inject malicious scripts due to insufficient sanitization of the post title parameter. Attackers with editor privileges can use the testimonial title field to execute script payloads in the browsers of other users who view the draft post, which may lead to session hijacking and cookie theft.

Recommendations

As a temporary workaround, restrict the use of the post title parameter in the testimonial title field for users with editor privileges until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-50946

Affected Products

Blog Posts Grid