CVE-2022-1407 - OpenCVE

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Vikwp	Hotel Booking Engine \& Pms

Configuration 1 [-]

cpe:2.3:a:vikwp:hotel_booking_engine_\&_pms:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/19a9e266-daf6-4cc5-a300-2b5436b6d07d	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-05-16T14:30:55

Updated: 2022-05-16T14:30:55

Reserved: 2022-04-20T00:00:00

Link: CVE-2022-1407

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-16T15:15:09.463

Modified: 2022-05-24T16:03:54.223

Link: CVE-2022-1407

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "VikBooking Hotel Booking Engine & PMS", "vendor": "Unknown", "versions": [{"lessThan": "1.5.8", "status": "affected", "version": "1.5.8", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Gabriel3476"}], "descriptions": [{"lang": "en", "value": "The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-16T14:30:55", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/19a9e266-daf6-4cc5-a300-2b5436b6d07d"}], "source": {"discovery": "EXTERNAL"}, "title": "VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-1407", "STATE": "PUBLIC", "TITLE": "VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VikBooking Hotel Booking Engine & PMS", "version": {"version_data": [{"version_affected": "<", "version_name": "1.5.8", "version_value": "1.5.8"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Gabriel3476"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/19a9e266-daf6-4cc5-a300-2b5436b6d07d", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/19a9e266-daf6-4cc5-a300-2b5436b6d07d"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-1407", "datePublished": "2022-05-16T14:30:55", "dateReserved": "2022-04-20T00:00:00", "dateUpdated": "2022-05-16T14:30:55", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vikwp:hotel_booking_engine_\\&_pms:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1A8EA3FF-E035-4AB8-9273-D20F1AAC403C", "versionEndExcluding": "1.5.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack"}, {"lang": "es", "value": "El plugin VikBooking Hotel Booking Engine & PMS de WordPress versiones anteriores a 1.5.8, no presenta una comprobaci\u00f3n de tipo CSRF cuando es a\u00f1adida una campa\u00f1a de seguimiento, y no escapa de los campos de la campa\u00f1a cuando los muestra en los atributos. Como resultado, los atacantes podr\u00edan hacer que un administrador conectado a\u00f1adiera una campa\u00f1a de seguimiento con cargas \u00fatiles de tipo XSS en ellos por medio de un ataque de tipo CSRF"}], "id": "CVE-2022-1407", "lastModified": "2022-05-24T16:03:54.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-16T15:15:09.463", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/19a9e266-daf6-4cc5-a300-2b5436b6d07d"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "contact@wpscan.com", "type": "Primary"}]}