Donorbox < 7.1.7 – Admin+ Stored Cross-Site Scripting | CVE 2022-1396

Affects Plugins

donorbox-donation-form

Fixed in 7.1.7

References

CVE

CVE-2022-1396

URL

https://packetstormsecurity.com/files/#166531/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

Hassan Khan Yusufzai - Splint3r7

Verified

Yes

WPVDB ID

721ddc3e-ab24-4834-bd47-4eb6700439a9

Timeline

Publicly Published

2022-03-30 (about 2 years ago)

Added

2022-03-30 (about 2 years ago)

Last Updated

2022-04-20 (about 2 years ago)

Other

Published

Title

Published

2017-07-31

Title

Salutation Responsive WordPress + BuddyPress Theme <= 3.0.15 - Stored XSS

Published

2022-09-01

Title

WHA Crossword <= 1.1.10 - Contributor+ Stored Cross-Site Scripting

Published

2015-08-22

Title

MDC Private Message <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2016-06-09

Title

CM Ad Changer <= 1.7.7 - Stored Cross-Site Scripting (XSS)

Published

2023-01-17

Title

Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS