Lucene search
HistoryAug 22, 2022 - 3:15 p.m.
CVE-2022-1932
rezgo online booking
wordpress
plugin
reflected cross-site scripting
lfi
ajax action
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file
Affected configurations
Node
rezgorezgo_online_bookingRange<4.1.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rezgo | rezgo_online_booking | * | cpe:2.3:a:rezgo:rezgo_online_booking:*:*:*:*:*:wordpress:*:* |
Related
cve
cve
CVE-2022-1932
2022-08-22 15:15:13
prion
prion
Cross site scripting
2022-08-22 15:15:00
cvelist
cvelist
CVE-2022-1932 Rezgo Online Booking < 4.1.8 - Reflected Cross-Site-Scripting
2022-08-22 14:58:08
wpexploit
wpexploit
Rezgo Online Booking < 4.1.8 - Reflected Cross-Site-Scripting
2022-07-26 00:00:00
patchstack
patchstack
wpvulndb
wpvulndb
Rezgo Online Booking < 4.1.8 - Reflected Cross-Site-Scripting
2022-07-26 00:00:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
Related for NVD:CVE-2022-1932