The BMI BMR Calculator WordPress plugin through version 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to reflected cross-site scripting (XSS).
CVSS v3.1 base score: 6.1 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Published: 16 May 2022
Vulnerability category: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The vector describes an issue reachable over the network without authentication that needs a victim to submit the crafted request (UI:R, typically an auto-submitting form on an attacker-controlled page); the scope change (S:C) records that the injected script executes in the visitor's browser in the context of the WordPress site rather than inside the plugin itself.
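The pattern described above, as an added illustration that is not the plugin's own code: a form handler that writes every POST field back into the page unescaped, beside a hardened version that only accepts the fields the form defines, sanitises them, escapes at the output context and requires a nonce before honouring submitted values. The function, shortcode and field names (bmi_example_*, height/weight/age) are assumptions for the example; the WordPress helpers (sanitize_text_field, wp_unslash, esc_html, esc_attr, wp_nonce_field, wp_verify_nonce, add_shortcode) are real core functions.

```php
<?php
// Added example, not code from the BMI BMR Calculator plugin.
// Names prefixed bmi_example_ and the field list are assumptions.

// VULNERABLE PATTERN: every POST key and value is copied into the HTML as-is.
// A cross-site POST with a body such as
//   height=<img src=x onerror=alert(document.domain)>
// is reflected verbatim and the markup runs in the victim's browser.
function bmi_example_vulnerable_form() {
    $out = '<form method="post">';
    foreach ( $_POST as $name => $value ) {
        // $name and $value are attacker-controlled and neither is escaped.
        $out .= '<label>' . $name . ': <input name="' . $name
              . '" value="' . $value . '"></label>';
    }
    $out .= '<button type="submit">Calculate</button></form>';
    return $out;
}

// HARDENED PATTERN:
//  1. Only the fields the form defines are read, so arbitrary POST keys are never echoed.
//  2. A submission is only honoured when it carries a valid nonce, which a cross-site
//     POST from an attacker's page cannot supply.
//  3. Values are unslashed, sanitised, restricted to what the calculator needs (numbers),
//     and escaped for the exact output context (esc_attr in attributes, esc_html in text).
function bmi_example_hardened_form() {
    $allowed   = array( 'height', 'weight', 'age' ); // assumed field list
    $submitted = isset( $_POST['bmi_example_nonce'] )
        && wp_verify_nonce( wp_unslash( $_POST['bmi_example_nonce'] ), 'bmi_example_calc' );

    $out = '<form method="post">';
    foreach ( $allowed as $name ) {
        $clean = '';
        if ( $submitted && isset( $_POST[ $name ] ) ) {
            $clean = sanitize_text_field( wp_unslash( $_POST[ $name ] ) );
            if ( ! is_numeric( $clean ) ) {
                $clean = ''; // drop anything that is not a plain number
            }
        }
        $out .= '<label>' . esc_html( $name ) . ': <input name="' . esc_attr( $name )
              . '" value="' . esc_attr( $clean ) . '"></label>';
    }
    // wp_nonce_field() emits the hidden nonce input (and a referer field) already escaped.
    $out .= wp_nonce_field( 'bmi_example_calc', 'bmi_example_nonce', true, false );
    $out .= '<button type="submit">Calculate</button></form>';
    return $out;
}

// Register only the hardened handler; the vulnerable one is kept for comparison.
add_shortcode( 'bmi_example_form', 'bmi_example_hardened_form' );
```

Escaping at output (esc_attr/esc_html) is the fix that closes the XSS itself; the allow-list and nonce are defence in depth that also remove the "arbitrary POST data" surface. A quick check for the vulnerable behaviour is to POST a field containing a distinctive marker such as `"><bmi-test>` to a page that renders the form and inspect whether the raw marker, rather than an entity-encoded form, appears in the response body.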
Source: http://www.vicarius.io (Vicarius Ltd.)