CVE-2024-22282

2024-01-3118:15:48

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-22282

xss

vulnerability

michael torbert

simplemap store locator

web page generation

nvd

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

6.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS.This issue affects SimpleMap Store Locator: from n/a through 2.6.1.

Affected configurations

Vulners

NVD

Node

michael_torbertsimplemap_store_locatorRange≤2.6.1

CPENameOperatorVersion
simplemap-plugin:simplemap_store_locatorsimplemap-plugin simplemap store locatorle2.6.1

CPE	Name	Operator	Version
simplemap-plugin:simplemap_store_locator	simplemap-plugin simplemap store locator	le	2.6.1

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "simplemap",
    "product": "SimpleMap Store Locator",
    "vendor": "Michael Torbert",
    "versions": [
      {
        "lessThanOrEqual": "2.6.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]