Awesome Support vulnerable to persistent cross-site scripting

2022-09-2200:00:22

CWE-79

GitHub Advisory Database

github.com

persistent cross-site scripting

awesome support

wordpress

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.

Affected configurations

Vulners

Node

awesome-supportawesome-supportRange≤6.0.7

VendorProductVersionCPE
awesome-supportawesome-support*cpe:2.3:a:awesome-support:awesome-support:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
awesome-support	awesome-support	*	cpe:2.3:a:awesome-support:awesome-support::::::::

References

github.com/advisories/GHSA-qrqm-574x-q7f2

github.com/Awesome-Support/Awesome-Support/commit/85f460be88b81fbdd9a990f474a1252297902faf

github.com/Awesome-Support/Awesome-Support/commit/b2e831d7f831a3869cfd83eb79a398a5b5c0ec63

nvd.nist.gov/vuln/detail/CVE-2022-38073

patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-0-7-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities

wordpress.org/plugins/awesome-support/#developers