Search...

CVE-2017-2168

2017-05-22T16:29:00

ID CVE-2017-2168
Type cve
Reporter cve@mitre.org
Modified 2017-07-17T13:18:00

Description

Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

JSON Vulners Source

Initial Source

{"id": "CVE-2017-2168", "bulletinFamily": "NVD", "title": "CVE-2017-2168", "description": "Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "published": "2017-05-22T16:29:00", "modified": "2017-07-17T13:18:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2168", "reporter": "cve@mitre.org", "references": ["https://wpvulndb.com/vulnerabilities/8830", "https://wordpress.org/plugins/wp-booking-system/#developers", "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000092", "https://jvn.jp/en/jp/JVN96165722/index.html"], "cvelist": ["CVE-2017-2168"], "type": "cve", "lastseen": "2019-05-29T18:16:58", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "95f2fd55d477d8e29152fd38a2bd4d18"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "87f24343b471dab16bf0e9ffe1f3b906"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "aa2153664e17e9501cc7ad9724398240"}, {"key": "href", "hash": "90e84e151f769827f49bc6f60fa383df"}, {"key": "modified", "hash": "54eea28cd58a8b1970d9e051e4c324e6"}, {"key": "published", "hash": "99aa1795ccd09ca1e7dd4c8b0c336686"}, {"key": "references", "hash": "ee5ee948f508f4e0e0c0bfb2059bb578"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "51548d06a95e25958b7f21f0e9435c69"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "727981ccf672bb47adf75e4a70482935ac5177bb72ad7c247f90b518a1622368", "viewCount": 0, "enchantments": {"score": {"value": 4.6, "vector": "NONE", "modified": "2019-05-29T18:16:58"}, "dependencies": {"references": [{"type": "jvn", "idList": ["JVN:96165722"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8830"]}], "modified": "2019-05-29T18:16:58"}, "vulnersScore": 4.6}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "wpbookingsystem wp_booking_system", "operator": "le", "version": "1.3.3"}, {"name": "wpbookingsystem wp_booking_system", "operator": "le", "version": "3.6"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"]}

{"jvn": [{"lastseen": "2019-05-29T19:49:07", "bulletinFamily": "info", "description": "\n ## Description\n\nThe WordPress plugin \"WP Booking System\" provided by WP Booking System contains a stored cross-site scripting vulnerability (CWE-79).\n\n ## Impact\n\nAn arbitrary script may be executed on the web browser of a user who logged-in as an administrator.\n\n ## Solution\n\n**Update the plugin** \nUpdate the plugin according to the information provided by the developer. \n \nThe developer states: \n\n> The Free (1.4 and higher) and the Premium version (3.7 and higher) are patched. Update the plugin or contact the plugin developer at support@wpbookingsystem.com if you have any questions.\n\n ## Products Affected\n\n * WP Booking System Free version prior to version 1.4\n * WP Booking System Premium version prior to version 3.7\n", "modified": "2017-05-16T00:00:00", "published": "2017-05-16T00:00:00", "id": "JVN:96165722", "href": "http://jvn.jp/en/jp/JVN96165722/index.html", "title": "JVN#96165722: WordPress plugin \"WP Booking System\" vulnerable to cross-site scripting", "type": "jvn", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2019-11-11T09:16:24", "bulletinFamily": "software", "description": "WordPress Vulnerability - WP Booking System <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS)\n", "modified": "2019-11-01T00:00:00", "published": "2017-05-23T00:00:00", "id": "WPVDB-ID:8830", "href": "https://wpvulndb.com/vulnerabilities/8830", "type": "wpvulndb", "title": "WP Booking System <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS)", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}