CVE-2022-0385

CVE-2022-0385: Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS

Vendor Unknown
Product Crazy Bone
Weakness CWE-79 · XSS
Published February 28, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting

Key dates

02Disclosure timeline

February 28, 2022 CVE published
August 2, 2024 Record updated