{"containers":{"cna":{"affected":[{"product":"Insights from Google PageSpeed","vendor":"Unknown","versions":[{"lessThan":"4.0.4","status":"affected","version":"4.0.4","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Krzysztof Zając"}],"descriptions":[{"lang":"en","value":"The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Cross-site Scripting (XSS)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-04-04T15:35:44.000Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["x_refsource_MISC"],"url":"https://wpscan.com/vulnerability/52bd94df-8816-48fd-8788-38d045eb57ca"},{"tags":["x_refsource_CONFIRM"],"url":"https://plugins.trac.wordpress.org/changeset/2690415"}],"source":{"discovery":"EXTERNAL"},"title":"Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting","x_generator":"WPScan CVE Generator","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"contact@wpscan.com","ID":"CVE-2022-0431","STATE":"PUBLIC","TITLE":"Google Pagespeed Insights < 4.0.4 - Reflected Cross-Site Scripting"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Insights from Google PageSpeed","version":{"version_data":[{"version_affected":"<","version_name":"4.0.4","version_value":"4.0.4"}]}}]},"vendor_name":"Unknown"}]}},"credit":[{"lang":"eng","value":"Krzysztof Zając"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting"}]},"generator":"WPScan CVE Generator","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross-site Scripting (XSS)"}]}]},"references":{"reference_data":[{"name":"https://wpscan.com/vulnerability/52bd94df-8816-48fd-8788-38d045eb57ca","refsource":"MISC","url":"https://wpscan.com/vulnerability/52bd94df-8816-48fd-8788-38d045eb57ca"},{"name":"https://plugins.trac.wordpress.org/changeset/2690415","refsource":"CONFIRM","url":"https://plugins.trac.wordpress.org/changeset/2690415"}]},"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:25:40.428Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wpscan.com/vulnerability/52bd94df-8816-48fd-8788-38d045eb57ca"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://plugins.trac.wordpress.org/changeset/2690415"}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2022-0431","datePublished":"2022-04-04T15:35:44.000Z","dateReserved":"2022-01-31T00:00:00.000Z","dateUpdated":"2024-08-02T23:25:40.428Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}