Lucene search

K
nvd[email protected]NVD:CVE-2022-2391
HistoryAug 08, 2022 - 2:15 p.m.

CVE-2022-2391

2022-08-0814:15:09
CWE-79
web.nvd.nist.gov
5
wordpress plugin
javascript injection
portfolio slider

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.

Affected configurations

Nvd
Node
wpzoominspiro_proRange<7.2.3wordpress
VendorProductVersionCPE
wpzoominspiro_pro*cpe:2.3:a:wpzoom:inspiro_pro:*:*:*:*:*:wordpress:*:*

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%