Lucene search
WPScanCVE-2022-3853HistoryDec 12, 2022 - 6:15 p.m.
CVE-2022-3853
2022-12-1218:15:10
CWE-352
WPScan
web.nvd.nist.gov
27
cve-2022-3853
cross-site scripting
xss
code injection
web browser security
information security
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
16.4%
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.
Affected configurations
Node
supra-csv-parser_projectsupra-csv-parserRange≤4.0.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| supra-csv-parser_project | supra-csv-parser | * | cpe:2.3:a:supra-csv-parser_project:supra-csv-parser:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Supra CSV",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "4.0.3"
}
],
"defaultStatus": "affected"
}
]Related
prion
prion
Cross site scripting
2022-12-12 18:15:00
nvd
nvd
CVE-2022-3853
2022-12-12 18:15:10
cvelist
cvelist
CVE-2022-3853 Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via CSRF
2022-12-12 17:54:45
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
16.4%
Related for CVE-2022-3853