mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
84 lines
2.1 KiB
JSON
84 lines
2.1 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2022-3149",
|
|
"ASSIGNER": "contact@wpscan.com",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF"
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"generator": "WPScan CVE Generator",
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Unknown",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "WP Custom Cursors",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "3.0.1",
|
|
"version_value": "3.0.1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting"
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"url": "https://wpscan.com/vulnerability/4c13a93d-2100-4721-8937-a1205378655f",
|
|
"name": "https://wpscan.com/vulnerability/4c13a93d-2100-4721-8937-a1205378655f"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
|
|
"lang": "eng"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": [
|
|
{
|
|
"value": "CWE-79 Cross-Site Scripting (XSS)",
|
|
"lang": "eng"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Lana Codes"
|
|
}
|
|
],
|
|
"source": {
|
|
"discovery": "EXTERNAL"
|
|
}
|
|
}
|