CVE-2022-41990 - OpenCVE

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cardozatechnologies	Cardoza-3d-tag-cloud

Configuration 1 [-]

cpe:2.3:a:cardozatechnologies:cardoza-3d-tag-cloud:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/cardoza-3d-tag-cloud/wordpress-3d-tag-cloud-plugin-3-8-stored-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-01-17T16:18:58.872Z

Updated: 2024-01-17T16:18:58.872Z

Reserved: 2022-10-19T11:14:13.127Z

Link: CVE-2022-41990

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-17T17:15:09.757

Modified: 2024-01-24T18:44:19.600

Link: CVE-2022-41990

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-41990", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2022-10-19T11:14:13.127Z", "datePublished": "2024-01-17T16:18:58.872Z", "dateUpdated": "2024-01-17T16:18:58.872Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "cardoza-3d-tag-cloud", "product": "3D Tag Cloud", "vendor": "Vinoj Cardoza", "versions": [{"lessThanOrEqual": "3.8", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Istv\u00e1n M\u00e1rton (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.<p>This issue affects 3D Tag Cloud: from n/a through 3.8.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8.\n\n"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-01-17T16:18:58.872Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/cardoza-3d-tag-cloud/wordpress-3d-tag-cloud-plugin-3-8-stored-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress 3D Tag Cloud Plugin <= 3.8 is vulnerable to Cross Site Request Forgery (CSRF)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}