GitHub Advisory DatabaseGHSA-QRQM-574X-Q7F2Awesome Support vulnerable to persistent cross-site scripting
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
22.9%
Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| awesome-support/awesome-support | le | 6.0.7 |
References
github.com/advisories/GHSA-qrqm-574x-q7f2
github.com/Awesome-Support/Awesome-Support/commit/85f460be88b81fbdd9a990f474a1252297902faf
github.com/Awesome-Support/Awesome-Support/commit/b2e831d7f831a3869cfd83eb79a398a5b5c0ec63
nvd.nist.gov/vuln/detail/CVE-2022-38073
patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities
wordpress.org/plugins/awesome-support/#developers
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
22.9%