Aug 08, 2022 - 2:15 p.m.

CVE-2022-2391

2022-08-08 14:15:09
CWE-79
web.nvd.nist.gov
cve-2022-2391
inspiro pro
wordpress plugin
security vulnerability
javascript injection
nvd

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 24.8%

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.

Affected configurations

Node: wpzoom inspiro_pro, Range: <7.2.3

Vendor  Product      Version  CPE
wpzoom  inspiro_pro  *        cpe:2.3:a:wpzoom:inspiro_pro:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Inspiro PRO",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "7.2.3",
        "status": "affected",
        "version": "7.2.3",
        "versionType": "custom"
      }
    ]
  }
]
