Limited Black Friday Offer:

BackupBuddy < 8.8.3 - Cross Site Scripting (XSS) CVE-2022-4897 Scanner

Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

BackupBuddy < 8.8.3 - Cross Site Scripting (XSS) CVE-2022-4897 Scanner Detail

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting

https://wpscan.com/vulnerability/7b0eeafe-b9bc-43b2-8487-a23d3960f73f