Add CVE-2022-21662 for GHSA-699q-3hj9-889w

2025-08-04 08:44:25 +00:00 · 2022-01-06 23:04:17 +00:00 · 2022-01-06 23:04:17 +00:00 · 91740a50ca
commit 91740a50ca
parent b4b73d0e62
1 changed files with 76 additions and 6 deletions
--- a/2022/21xxx/CVE-2022-21662.json
+++ b/2022/21xxx/CVE-2022-21662.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-21662",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Stored XSS in WordPress"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "wordpress-develop",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 5.8.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "WordPress"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "HIGH",
+            "baseScore": 8.0,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w"
+            },
+            {
+                "name": "https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/",
+                "refsource": "MISC",
+                "url": "https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-699q-3hj9-889w",
+        "discovery": "UNKNOWN"
    }
 }