nvd-json-data-feeds/CVE-2022/CVE-2022-13xx/CVE-2022-1301.json

{
  "id": "CVE-2022-1301",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2022-07-04T13:15:08.697",
  "lastModified": "2024-11-21T06:40:26.890",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed"
    },
    {
      "lang": "es",
      "value": "El plugin WP Contact Slider de WordPress versiones anteriores a 2.4.7, no sanea ni escapa de los par\u00e1metros de Texto a Mostrar de los sliders, lo que podr\u00eda permitir a usuarios con altos privilegios, como el editor y superiores, llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando el unfiltered_html no est\u00e1 permitido"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "baseScore": 3.5,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "contact@wpscan.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:wpexperts:wp_contact_slider:*:*:*:*:*:wordpress:*:*",
              "versionEndExcluding": "2.4.7",
              "matchCriteriaId": "C59BF3F4-5AE2-40FF-82DF-DFB1E37E9D95"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/69b75983-1010-453e-bf67-27b4a2a327a8",
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://wpscan.com/vulnerability/69b75983-1010-453e-bf67-27b4a2a327a8",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}