CVE-2022-0388

CVE-2022-0388: Interactive Medical Drawing of Human Body < 2.6 - Admin+ Stored XSS

Vendor Unknown

Product Interactive Medical Drawing of Human Body

Weakness CWE-79 · XSS

Published March 28, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

March 28, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0388 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-11809 Primer MyData for Woocommerce <= 4.2.1 - Reflected Cross-Site Scripting CVE-2024-43262 WordPress Busiprof theme <= 2.4.8 - Cross Site Scripting (XSS) vulnerability CVE-2026-32607 Discourse: Stored XSS via unescaped assignee name CVE-2023-3708 Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting CVE-2025-47116 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)