VDB-212612 · ~~CVE-2022-3790~~

Flipbook Plugin on WordPress Edit Post post.php Shortcode cross site scripting 🚫 [False Positive]

Noticeinfo

⚠️ A vulnerability was suspected in Flipbook Plugin. This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all.

Productinfo

Type

WordPress Plugin

Name

Flipbook Plugin

Timelineinfo

11/01/2022 🔍
11/01/2022 +0 days 🔍
11/01/2022 +0 days 🔍
11/30/2022 +29 days 🔍

Sourcesinfo

Advisory: drive.google.com
False Positive: Yes
Disputed: 🔍

CVE: CVE-2022-3790 (🔍)
scip Labs: https://www.scip.ch/en/?labs.20161013

Entryinfo

Created: 11/01/2022 14:29
Updated: 11/30/2022 11:39
Changes: 11/01/2022 14:29 (42), 11/07/2022 07:39 (8), 11/07/2022 07:41 (1), 11/30/2022 11:39 (1)
Complete: 🔍
Committer: devaldi

Submitinfo

Duplicate

Submit #50330: Stored XSS in flipbook (by rezaduty)

Discussion

This is a incorrect submission. The so called script injection is occurring on the web site that is posting the content and not on the embedding host. All this "vulnerability" is showing is that you can post javascript on your wordpress blog if you are the author which is by design.

Thank you. We have flagged this entry as false-positive and revoked the CVE.

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!