Search criteria
6 vulnerabilities found for fastflow by fastflow
FKIE_CVE-2022-2775
Vulnerability from fkie_nvd - Published: 2022-09-05 13:15 - Updated: 2024-11-21 07:01
Severity ?
Summary
The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fastflow:fastflow:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F4297680-EFCF-4728-BB41-DF6FEA70A14F",
"versionEndExcluding": "1.2.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El plugin Fast Flow de WordPress versiones anteriores a 1.2.13, no sanea ni escapa de algunas de sus configuraciones de widgets, lo que podr\u00eda permitir a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de tipo Cross-Site Scripting almacenados incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)"
}
],
"id": "CVE-2022-2775",
"lastModified": "2024-11-21T07:01:40.777",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-05T13:15:08.527",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-1269
Vulnerability from fkie_nvd - Published: 2022-05-02 16:15 - Updated: 2024-11-21 06:40
Severity ?
Summary
The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fastflow:fastflow:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F5A6A7E6-7C54-4943-B316-7385F3CAF9A7",
"versionEndExcluding": "1.2.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting"
},
{
"lang": "es",
"value": "El plugin Fast Flow de WordPress versiones anteriores a 1.2.12, no sanea y escapa del par\u00e1metro page antes de devolverlo a un atributo en el panel de control del administrador, conllevando a un problema de tipo Cross-Site Scripting Reflejado"
}
],
"id": "CVE-2022-1269",
"lastModified": "2024-11-21T06:40:22.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-02T16:15:08.957",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
CVE-2022-2775 (GCVE-0-2022-2775)
Vulnerability from cvelistv5 – Published: 2022-09-05 12:35 – Updated: 2024-08-03 00:46
VLAI?
Title
Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting
Summary
The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Hardik Rathod
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fast Flow",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.13",
"status": "affected",
"version": "1.2.13",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hardik Rathod"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T12:35:23",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Fast Flow \u003c 1.2.13 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2775",
"STATE": "PUBLIC",
"TITLE": "Fast Flow \u003c 1.2.13 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fast Flow",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.13",
"version_value": "1.2.13"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hardik Rathod"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2775",
"datePublished": "2022-09-05T12:35:23",
"dateReserved": "2022-08-11T00:00:00",
"dateUpdated": "2024-08-03T00:46:04.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1269 (GCVE-0-2022-1269)
Vulnerability from cvelistv5 – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
VLAI?
Title
Fast Flow < 1.2.12 - Reflected Cross-Site Scripting
Summary
The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
p7e4
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fast Flow",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.12",
"status": "affected",
"version": "1.2.12",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "p7e4"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T08:35:31",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Fast Flow \u003c 1.2.12 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1269",
"STATE": "PUBLIC",
"TITLE": "Fast Flow \u003c 1.2.12 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fast Flow",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.12",
"version_value": "1.2.12"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "p7e4"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1269",
"datePublished": "2022-05-02T16:05:53",
"dateReserved": "2022-04-07T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2775 (GCVE-0-2022-2775)
Vulnerability from nvd – Published: 2022-09-05 12:35 – Updated: 2024-08-03 00:46
VLAI?
Title
Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting
Summary
The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Hardik Rathod
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fast Flow",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.13",
"status": "affected",
"version": "1.2.13",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hardik Rathod"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T12:35:23",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Fast Flow \u003c 1.2.13 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2775",
"STATE": "PUBLIC",
"TITLE": "Fast Flow \u003c 1.2.13 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fast Flow",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.13",
"version_value": "1.2.13"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hardik Rathod"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7101ce04-670e-4ce0-9f60-e00494ff379d"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2775",
"datePublished": "2022-09-05T12:35:23",
"dateReserved": "2022-08-11T00:00:00",
"dateUpdated": "2024-08-03T00:46:04.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1269 (GCVE-0-2022-1269)
Vulnerability from nvd – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
VLAI?
Title
Fast Flow < 1.2.12 - Reflected Cross-Site Scripting
Summary
The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
p7e4
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fast Flow",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.12",
"status": "affected",
"version": "1.2.12",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "p7e4"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-15T08:35:31",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Fast Flow \u003c 1.2.12 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1269",
"STATE": "PUBLIC",
"TITLE": "Fast Flow \u003c 1.2.12 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fast Flow",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.12",
"version_value": "1.2.12"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "p7e4"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1269",
"datePublished": "2022-05-02T16:05:53",
"dateReserved": "2022-04-07T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}