Lucene search
HistoryJan 23, 2023 - 3:15 p.m.
CVE-2022-4675
cve-2022-4675
mongoose
cross-site scripting
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.5%
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Affected configurations
Node
mongoosemarketplacemongoose_page_pluginRange<1.9.0wordpress
Related
prion
prion
Cross site scripting
2023-01-23 15:15:00
cve
cve
CVE-2022-4675
2023-01-23 15:15:16
wpvulndb
wpvulndb
Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode
2022-12-27 00:00:00
wpexploit
wpexploit
Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode
2022-12-27 00:00:00
cvelist
cvelist
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.5%
Related for NVD:CVE-2022-4675