CVE-2022-2391 - OpenCVE

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Wpzoom	Inspiro Pro

Configuration 1 [-]

cpe:2.3:a:wpzoom:inspiro_pro:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/dd6ebf6b-209b-437c-9fe4-527ab9e3b9e3	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-08-08T13:48:28

Updated: 2022-08-08T13:48:28

Reserved: 2022-07-12T00:00:00

Link: CVE-2022-2391

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-08T14:15:09.117

Modified: 2022-08-12T14:06:10.353

Link: CVE-2022-2391

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Inspiro PRO", "vendor": "Unknown", "versions": [{"lessThan": "7.2.3", "status": "affected", "version": "7.2.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Fortune Sam Okon"}], "descriptions": [{"lang": "en", "value": "The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-08T13:48:28", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/dd6ebf6b-209b-437c-9fe4-527ab9e3b9e3"}], "source": {"discovery": "EXTERNAL"}, "title": "Inspiro Pro < 7.2.3 - Contributor+ Stored Cross-Site Scripting", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-2391", "STATE": "PUBLIC", "TITLE": "Inspiro Pro < 7.2.3 - Contributor+ Stored Cross-Site Scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Inspiro PRO", "version": {"version_data": [{"version_affected": "<", "version_name": "7.2.3", "version_value": "7.2.3"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Fortune Sam Okon"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-Site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/dd6ebf6b-209b-437c-9fe4-527ab9e3b9e3", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/dd6ebf6b-209b-437c-9fe4-527ab9e3b9e3"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-2391", "datePublished": "2022-08-08T13:48:28", "dateReserved": "2022-07-12T00:00:00", "dateUpdated": "2022-08-08T13:48:28", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}