CVE-2022-1995

CVE-2022-1995: miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Malware Scanner

Weakness CWE-79 · XSS

Published June 27, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)

Key dates

02Disclosure timeline

June 27, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1995 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore CVE-2022-29432 WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities CVE-2019-1673 Cisco Identity Services Engine Cross-Site Scripting Vulnerability CVE-2024-5083 Nexus Repository 2 - Stored XSS CVE-2024-47392 WordPress Element Pack Elementor Addons plugin <= 5.7.5 - Cross Site Scripting (XSS) vulnerability