Lucene search
WPScanCVE-2022-3987HistoryDec 19, 2022 - 2:15 p.m.
CVE-2022-3987
2022-12-1914:15:11
CWE-79
WPScan
web.nvd.nist.gov
40
cve
2022
3987
wordpress
plugin
security
xss
nvd
vulnerability
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.1%
The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Affected configurations
Node
noorspluginresponsive_lightbox2Range<1.0.4wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| noorsplugin | responsive_lightbox2 | * | cpe:2.3:a:noorsplugin:responsive_lightbox2:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Responsive Lightbox2",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.0.4"
}
],
"defaultStatus": "unaffected"
}
]Related
wpvulndb
wpvulndb
Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS
2022-11-22 00:00:00
cvelist
cvelist
CVE-2022-3987 Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS
2022-12-19 13:41:47
wpexploit
wpexploit
Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS
2022-11-22 00:00:00
patchstack
patchstack
prion
prion
Cross site scripting
2022-12-19 14:15:00
nvd
nvd
CVE-2022-3987
2022-12-19 14:15:11
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.1%
Related for CVE-2022-3987