Search criteria
2 vulnerabilities found for PowerPack Lite for Beaver Builder by Unknown
CVE-2022-0176 (GCVE-0-2022-0176)
Vulnerability from cvelistv5 – Published: 2022-02-14 09:20 – Updated: 2024-08-02 23:18
VLAI?
Title
PowerPack Lite for Beaver Builder < 1.2.9.3 - Reflected Cross-Site Scripting
Summary
The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PowerPack Lite for Beaver Builder |
Affected:
1.2.9.3 , < 1.2.9.3
(custom)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/564a66d5-7fab-4de0-868a-e19466a507af"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2655379"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerPack Lite for Beaver Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.9.3",
"status": "affected",
"version": "1.2.9.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-14T09:20:56",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/564a66d5-7fab-4de0-868a-e19466a507af"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2655379"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PowerPack Lite for Beaver Builder \u003c 1.2.9.3 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0176",
"STATE": "PUBLIC",
"TITLE": "PowerPack Lite for Beaver Builder \u003c 1.2.9.3 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerPack Lite for Beaver Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.9.3",
"version_value": "1.2.9.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/564a66d5-7fab-4de0-868a-e19466a507af",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/564a66d5-7fab-4de0-868a-e19466a507af"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2655379",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2655379"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0176",
"datePublished": "2022-02-14T09:20:56",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0176 (GCVE-0-2022-0176)
Vulnerability from nvd – Published: 2022-02-14 09:20 – Updated: 2024-08-02 23:18
VLAI?
Title
PowerPack Lite for Beaver Builder < 1.2.9.3 - Reflected Cross-Site Scripting
Summary
The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | PowerPack Lite for Beaver Builder |
Affected:
1.2.9.3 , < 1.2.9.3
(custom)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/564a66d5-7fab-4de0-868a-e19466a507af"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2655379"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerPack Lite for Beaver Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.9.3",
"status": "affected",
"version": "1.2.9.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-14T09:20:56",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/564a66d5-7fab-4de0-868a-e19466a507af"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2655379"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PowerPack Lite for Beaver Builder \u003c 1.2.9.3 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0176",
"STATE": "PUBLIC",
"TITLE": "PowerPack Lite for Beaver Builder \u003c 1.2.9.3 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerPack Lite for Beaver Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.9.3",
"version_value": "1.2.9.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/564a66d5-7fab-4de0-868a-e19466a507af",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/564a66d5-7fab-4de0-868a-e19466a507af"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2655379",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2655379"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0176",
"datePublished": "2022-02-14T09:20:56",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}