CVE-2022-38073: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.
References
- github.com/Awesome-Support/Awesome-Support/commit/85f460be88b81fbdd9a990f474a1252297902faf
- github.com/Awesome-Support/Awesome-Support/commit/b2e831d7f831a3869cfd83eb79a398a5b5c0ec63
- github.com/advisories/GHSA-qrqm-574x-q7f2
- nvd.nist.gov/vuln/detail/CVE-2022-38073
- patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities
- wordpress.org/plugins/awesome-support/
Code Behaviors & Features
Detect and mitigate CVE-2022-38073 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →