Floating Div <= 3.0 – Author+ Stored Cross-Site Scripting | CVE 2022-36378

Affects Plugins

floating-div

No known fix

References

CVE

CVE-2022-36378

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

4.8 (medium)

Miscellaneous

Original Researcher

Ngo Van Thien

Verified

No

WPVDB ID

d053f090-f538-4b0c-892d-eab4f9626db7

Timeline

Publicly Published

2022-07-29 (about 3 years ago)

Added

2022-07-30 (about 3 years ago)

Last Updated

2023-04-27 (about 2 years ago)

Other

Published

Title

Published

2022-06-14

Title

WordPress Real Cookie Banner < 2.18.2 - Reflected Cross-Site Scripting

Published

2025-01-20

Title

Uix Page Builder < 1.7.5 - Reflected Cross-Site Scripting

Published

2024-10-17

Title

Parcel Pro < 1.9.0 - Reflected Cross-Site Scripting

Published

2021-08-10

Title

Two Factor Authentication < 1.0.8 - Reflected Cross-Site Scripting

Published

2023-11-23

Title

Video Player <= 1.5.22 - Authenticated (Administrator+) Stored Cross-Site Scripting