CVE-2022-29923 - OpenCVE

Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Thingsforrestaurants	Quick Restaurant Reservations

Configuration 1 [-]

cpe:2.3:a:thingsforrestaurants:quick_restaurant_reservations:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/quick-restaurant-reservations/wordpress-quick-restaurant-reservations-plugin-1-4-1-authenticated-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-05-12T00:00:00

Updated: 2024-01-08T21:29:49.762Z

Reserved: 2022-06-08T00:00:00

Link: CVE-2022-29923

JSON object: View

NVD Information

Status : Modified

Published: 2022-07-20T19:15:14.463

Modified: 2024-01-08T22:15:44.267

Link: CVE-2022-29923

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "quick-restaurant-reservations", "product": "Quick Restaurant Reservations (WordPress plugin)", "vendor": "ThingsForRestaurants", "versions": [{"changes": [{"at": "1.4.2", "status": "unaffected"}], "lessThanOrEqual": "1.4.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "FearZzZz (Patchstack Alliance)"}], "datePublic": "2022-05-11T21:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.<p>This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1.</p>"}], "value": "Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1.\n\n"}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-01-08T21:29:49.762Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/quick-restaurant-reservations/wordpress-quick-restaurant-reservations-plugin-1-4-1-authenticated-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update to 1.4.2 or higher version.</p>"}], "value": "Update to 1.4.2 or higher version.\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Quick Restaurant Reservations plugin <= 1.4.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "audit@patchstack.com", "DATE_PUBLIC": "2022-05-12T12:59:00.000Z", "ID": "CVE-2022-29923", "STATE": "PUBLIC", "TITLE": "WordPress Quick Restaurant Reservations plugin <= 1.4.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Quick Restaurant Reservations (WordPress plugin)", "version": {"version_data": [{"version_affected": "<=", "version_name": "<= 1.4.1", "version_value": "1.4.1"}]}}]}, "vendor_name": "ThingsForRestaurants"}]}}, "credit": [{"lang": "eng", "value": "Vulnerability discovered by BEE-K (Patchstack)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.4.1 at WordPress."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/plugins/quick-restaurant-reservations/#developers", "refsource": "CONFIRM", "url": "https://wordpress.org/plugins/quick-restaurant-reservations/#developers"}, {"name": "https://patchstack.com/database/vulnerability/quick-restaurant-reservations/wordpress-quick-restaurant-reservations-plugin-1-4-1-authenticated-reflected-cross-site-scripting-xss-vulnerability", "refsource": "CONFIRM", "url": "https://patchstack.com/database/vulnerability/quick-restaurant-reservations/wordpress-quick-restaurant-reservations-plugin-1-4-1-authenticated-reflected-cross-site-scripting-xss-vulnerability"}]}, "solution": [{"lang": "en", "value": "Update to 1.4.2 or higher version."}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2022-29923", "datePublished": "2022-05-12T00:00:00", "dateReserved": "2022-06-08T00:00:00", "dateUpdated": "2024-01-08T21:29:49.762Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:thingsforrestaurants:quick_restaurant_reservations:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9B03D3A3-4B43-4A9E-A51D-EF4F697ACCD1", "versionEndExcluding": "1.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS.This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) autenticada (rol de administrador o usuario superior) en el plugin ThingsForRestaurants Quick Restaurant Reservations versiones anteriores a 1.4.1 incluy\u00e9ndola, en WordPress"}], "id": "CVE-2022-29923", "lastModified": "2024-01-08T22:15:44.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2022-07-20T19:15:14.463", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/vulnerability/quick-restaurant-reservations/wordpress-quick-restaurant-reservations-plugin-1-4-1-authenticated-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Primary"}]}