Lucene search
WPScanCVE-2022-3937HistoryDec 19, 2022 - 2:15 p.m.
CVE-2022-3937
2022-12-1914:15:11
WPScan
web.nvd.nist.gov
30
cve-2022-3937
easy video player
wordpress plugin
xss
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.1%
The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Affected configurations
Node
noorsplugineasy_video_playerRange<1.2.2.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| noorsplugin | easy_video_player | * | cpe:2.3:a:noorsplugin:easy_video_player:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Easy Video Player",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.2.2.3"
}
],
"defaultStatus": "unaffected"
}
]Related
wpvulndb
wpvulndb
Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS
2022-11-22 00:00:00
prion
prion
Cross site scripting
2022-12-19 14:15:00
wpexploit
wpexploit
Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS
2022-11-22 00:00:00
patchstack
patchstack
cvelist
cvelist
CVE-2022-3937 Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS
2022-12-19 13:41:41
nvd
nvd
CVE-2022-3937
2022-12-19 14:15:11
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.1%
Related for CVE-2022-3937