The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
{"id": "WPEX-ID:19F482CB-FCFD-43E6-9A04-143E06351A70", "vendorId": null, "type": "wpexploit", "bulletinFamily": "exploit", "title": "Sitemap < 4.4 - Contributor+ Stored XSS", "description": "The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.\n", "published": "2022-12-27T00:00:00", "modified": "2022-12-27T02:05:51", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "href": "", "reporter": "Lana Codes", "references": [], "cvelist": ["CVE-2022-4545"], "immutableFields": [], "lastseen": "2023-01-31T02:26:35", "viewCount": 51, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2022-4545"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:19F482CB-FCFD-43E6-9A04-143E06351A70"]}]}, "score": {"value": 1.3, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-4545", "epss": "0.000450000", "percentile": "0.118270000", "modified": "2023-03-20"}], "vulnersScore": 1.3}, "_state": {"dependencies": 1675133245, "score": 1675133742, "epss": 1679354432}, "_internal": {"score_hash": "f25fb1bcdfc273acac98c82fa64eefb3"}, "sourceData": "[pagelist class='\" onmouseover=\"alert(1)\"']", "generation": 0}
{"wpvulndb": [{"lastseen": "2023-01-31T02:26:35", "description": "The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.\n\n### PoC\n\n[pagelist class='\" onmouseover=\"alert(1)\"']\n", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-12-27T00:00:00", "type": "wpvulndb", "title": "Sitemap < 4.4 - Contributor+ Stored XSS", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-4545"], "modified": "2022-12-27T02:05:51", "id": "WPVDB-ID:19F482CB-FCFD-43E6-9A04-143E06351A70", "href": "https://wpscan.com/vulnerability/19f482cb-fcfd-43e6-9a04-143e06351a70", "sourceData": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-02-09T14:48:26", "description": "The Sitemap WordPress plugin before 4.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2023-01-23T15:15:00", "type": "cve", "title": "CVE-2022-4545", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-4545"], "modified": "2023-01-30T19:04:00", "cpe": [], "id": "CVE-2022-4545", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4545", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}]}
Sitemap < 4.4 - Contributor+ Stored XSS
