History: Jul 04, 2022 - 1:15 p.m.

CVE-2022-1301

2022-07-04 13:15:08
CWE-79
web.nvd.nist.gov
wp contact slider
wordpress plugin
xss
cross-site scripting
nvd

CVSS2: 3.5 Low
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3: 4.8 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 24.8%

The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high-privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Affected configurations

Node: vendor ljapps, product wp_review_slider, range <2.4.7

Vendor: ljapps
Product: wp_review_slider
Version: *
CPE: cpe:2.3:a:ljapps:wp_review_slider:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "WP Contact Slider",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.4.7",
        "status": "affected",
        "version": "2.4.7",
        "versionType": "custom"
      }
    ]
  }
]
