Lucene search
PatchstackCVELIST:CVE-2024-22293HistoryJan 31, 2024 - 5:33 p.m.
CVE-2024-22293 WordPress BP Profile Search Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS)
2024-01-3117:33:39
CWE-79
Patchstack
www.cve.org
cve-2024-22293
cross site scripting
web page generation
reflected xss
andrea tarantini bp profile search
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.0%
Improper Neutralization of Input During Web Page Generation (βCross-site Scriptingβ) vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS.This issue affects BP Profile Search: from n/a through 5.5.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bp-profile-search",
"product": "BP Profile Search",
"vendor": "Andrea Tarantini",
"versions": [
{
"changes": [
{
"at": "5.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-22293
2024-01-31 18:15:49
wpvulndb
wpvulndb
BP Profile Search < 5.6 - Reflected Cross-Site Scripting via BPS_FORM
2024-01-19 00:00:00
prion
prion
Cross site scripting
2024-01-31 18:15:00
cve
cve
CVE-2024-22293
2024-01-31 18:15:49
wordfence
wordfence
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.0%
Related for CVELIST:CVE-2024-22293