How severe is CVE-2022-0220?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2022-0220?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2022-0220

MEDIUM Year: 2022

CVSS v3 Score

6.1

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-116

View all →

Vulnerability Description

The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript code may be executed on a victim's browser. Due to v1.9.26 adding a CSRF check, the XSS is only exploitable against unauthenticated users (as they all share the same nonce)

CVE-2017-18892

MEDIUM

CVSS:6.1(Medium)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.

CWE-1162017

CVE-2021-21684

MEDIUM

CVSS:6.1(Medium)

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scriptin...

CWE-1162021

CVE-2021-34630

MEDIUM

CVSS:6.1(Medium)

In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this us...

CWE-1162021

CVE-2021-41132

MEDIUM

CVSS:6.1(Medium)

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of saniti...

CWE-1162021

CVE-2021-43106

MEDIUM

CVSS:6.1(Medium)

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause t...

CWE-1162021

CVE-2022-0421

MEDIUM

CVSS:6.1(Medium)

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the ...

CWE-1162022

CVE-2022-0220

Vulnerability Description

Related Vulnerabilities

CVE-2017-18892

CVE-2021-21684

CVE-2021-34630

CVE-2021-41132

CVE-2021-43106

CVE-2022-0421