{"vulnerability": "CVE-2021-38356", "sightings": [{"uuid": "9dac379d-3935-466b-bf99-15b2937e2715", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-38356", "type": "seen", "source": "https://t.me/cibsecurity/31578", "content": "\u203c CVE-2021-38356 \u203c\n\nThe NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-01T23:21:37.000000Z"}]}