Lucene search
HistoryOct 10, 2022 - 9:15 p.m.
CVE-2022-3137
taskbuilder
plugin
vulnerability
stored xss
svg
attachments
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.8%
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task’s attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file
Affected configurations
Node
taskbuildertaskbuilderRange<1.0.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| taskbuilder | taskbuilder | * | cpe:2.3:a:taskbuilder:taskbuilder:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload
2022-09-15 00:00:00
prion
prion
Cross site scripting
2022-10-10 21:15:00
cvelist
cvelist
patchstack
patchstack
cnvd
cnvd
WordPress Taskbuilder Cross-Site Scripting Vulnerability
2022-10-12 00:00:00
wpexploit
wpexploit
TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload
2022-09-15 00:00:00
cve
cve
CVE-2022-3137
2022-10-10 21:15:11
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
24.8%
Related for NVD:CVE-2022-3137