CVE-2022-45836

MEDIUM NUCLEI

Download Manager <= 3.2.59 - Unauthenticated Reflected Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-45836 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions.

Nuclei Templates (1)

WordPress Download Manager <= 3.2.59 - Reflected XSS
HIGHVERIFIEDby Shivam Kamboj

References (1)

Core 1

Scores

CVSS v3 6.3
EPSS 0.0069
EPSS Percentile 47.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
W3 Eden, Inc./Download Manager < 3.2.59
w3eden/download_manager < 3.2.60
Published Apr 18, 2023
Tracked Since Feb 18, 2026