Lucene search
HistoryMar 16, 2023 - 9:15 a.m.
CVE-2022-38971
cve-2022-38971
stored cross-site scripting
themekraft post form
registration form
user profiles
content forms
user submissions
version 2.7.5
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
21.0%
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions.
Affected configurations
Node
themekraftpost_form_registration_form_profile_form_for_user_profiles_and_content_formsRange≤2.7.5wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| themekraft | post_form_registration_form_profile_form_for_user_profiles_and_content_forms | * | cpe:2.3:a:themekraft:post_form_registration_form_profile_form_for_user_profiles_and_content_forms:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
patchstack
patchstack
prion
prion
Cross site scripting
2023-03-16 09:15:00
cve
cve
CVE-2022-38971
2023-03-16 09:15:09
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
21.0%
Related for NVD:CVE-2022-38971