W3 Eden, Inc. Download Manager plugin <= 3.2.59 contains a reflected cross-site scripting caused by insufficient input sanitization, letting attackers execute scripts in the context of the victim's browser, exploit requires attacker to craft a malicious link. [已公开] id: CVE-2022-45836 info: name: WordPress Download Manager <= 3.2.59 - Reflected XSS author: Shivam Kamboj severity: high description: | W3 Eden, Inc. Download Manager plugin <= 3.2.59 contains a reflected cross-site scripting caused by insufficient input sanitization, letting attackers execute scripts in the context of the victim's browser, exploit requires attacker to craft a malicious link. impact: | Attackers can execute arbitrary scripts in the victim's browser, potentially leading to session hijacking or defacement. remediation: | Update to the latest version of the plugin where the vulnerability is fixed. reference: - https://nvd.nist.gov/vuln/detail/CVE-2022-45836 - https://patchstack.com/database/wordpress/plugin/download-manager/vulnerability/wordpress-download-manager-plugin-3-2-59-reflected-cross-site-scripting-xss-vulnerability metadata: verified: true max-request: 1 publicwww-query: "/plugins/download-manage

未知