admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-392xx/CVE-2021-39202.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

136 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-39202",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-09-09T22:15:09.590",
"lastModified": "2021-09-24T13:53:00.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8."
},
{
"lang": "es",
"value": "WordPress es un sistema de administraci\u00f3n de contenidos gratuito y de c\u00f3digo abierto escrito en PHP y emparejado con una base de datos MySQL o MariaDB. En versiones afectadas, el editor de widgets introducido en la versi\u00f3n 5.8 beta 1 de WordPress, presenta un manejo inapropiado de la entrada HTML en la funcionalidad Custom HTML. Esto conlleva a una vulnerabilidad de tipo XSS almacenado en el widget de HTML personalizado. Esto ha sido parcheado en WordPress versi\u00f3n 5.8. S\u00f3lo estuvo presente durante la fase de pruebas/beta de WordPress versi\u00f3n 5.8"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.5
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wordpress:wordpress:5.8:beta1:*:*:*:*:*:*",
"matchCriteriaId": "22BC078C-EFD8-4F7F-A3AB-146191A932A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wordpress:wordpress:5.8:beta2:*:*:*:*:*:*",
"matchCriteriaId": "AC9927CE-75C7-44B2-8D29-1753E32ED2DB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://hackerone.com/reports/1222797",
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink