SP Project & Document Manager < 4.62 – Reflected Cross-Site Scripting | CVE 2022-34857

Affects Plugins

sp-client-document-manager

Fixed in 4.62

References

CVE

CVE-2022-34857

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Vlad Vector

Verified

No

WPVDB ID

3057097c-aab3-43df-a6dd-32c2c0b050d8

Timeline

Publicly Published

2022-08-10 (about 3 years ago)

Added

2022-08-22 (about 3 years ago)

Last Updated

2023-05-13 (about 2 years ago)

Other

Published

Title

Published

2023-10-09

Title

Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers

Published

2024-10-28

Title

affiliate-toolkit < 3.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via atkp_product Shortcode

Published

2024-06-26

Title

Gutenberg Blocks with AI by Kadence WP – Page Builder Features < 3.2.43 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget

Published

2021-03-03

Title

Advanced Order Export For WooCommerce < 3.1.8 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2014-08-01

Title

WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DRedirect.php Multiple Parameter Reflected XSS