CVE-2022-0161

ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting

EPSS 0.9%CWE-79

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Mar 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

Affected products

Unknown · ARI Fancy Lightbox – WordPress Popup

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://plugins.trac.wordpress.org/changeset/2680993 https://wpscan.com/vulnerability/6b37fa17-0dcb-47a7-b1eb-f9f6abb458c0