{"containers":{"cna":{"affected":[{"product":"Print, PDF, Email by PrintFriendly","vendor":"Unknown","versions":[{"lessThan":"5.2.3","status":"affected","version":"5.2.3","versionType":"custom"}]}],"credits":[{"lang":"en","value":"muhamad hidayat"}],"descriptions":[{"lang":"en","value":"The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Cross-site Scripting (XSS)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-06-20T10:25:46.000Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["x_refsource_MISC"],"url":"https://wpscan.com/vulnerability/b586b217-f91e-42d3-81f1-cc3ee3a4b01e"}],"source":{"discovery":"EXTERNAL"},"title":"Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting","x_generator":"WPScan CVE Generator","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"contact@wpscan.com","ID":"CVE-2022-0663","STATE":"PUBLIC","TITLE":"Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Print, PDF, Email by PrintFriendly","version":{"version_data":[{"version_affected":"<","version_name":"5.2.3","version_value":"5.2.3"}]}}]},"vendor_name":"Unknown"}]}},"credit":[{"lang":"eng","value":"muhamad hidayat"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"}]},"generator":"WPScan CVE Generator","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross-site Scripting (XSS)"}]}]},"references":{"reference_data":[{"name":"https://wpscan.com/vulnerability/b586b217-f91e-42d3-81f1-cc3ee3a4b01e","refsource":"MISC","url":"https://wpscan.com/vulnerability/b586b217-f91e-42d3-81f1-cc3ee3a4b01e"}]},"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:32:46.439Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wpscan.com/vulnerability/b586b217-f91e-42d3-81f1-cc3ee3a4b01e"}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2022-0663","datePublished":"2022-06-20T10:25:46.000Z","dateReserved":"2022-02-17T00:00:00.000Z","dateUpdated":"2024-08-02T23:32:46.439Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}