Lucene search

[email protected]NVD:CVE-2022-45285

HistoryFeb 13, 2023 - 8:15 p.m.

CVE-2022-45285

2023-02-1320:15:10

CWE-79

[email protected]

web.nvd.nist.gov

vsourz digital

contact form 7

xss

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.1%

JSON

Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS).

Affected configurations

Nvd

Node

vsourzadvanced_cf7_dbMatch1.7.2wordpress

vsourzadvanced_cf7_dbMatch1.9.1wordpress

VendorProductVersionCPE
vsourzadvanced_cf7_db1.7.2cpe:2.3:a:vsourz:advanced_cf7_db:1.7.2:*:*:*:*:wordpress:*:*
vsourzadvanced_cf7_db1.9.1cpe:2.3:a:vsourz:advanced_cf7_db:1.9.1:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
vsourz	advanced_cf7_db	1.7.2	cpe:2.3:a:vsourz:advanced_cf7_db:1.7.2:::::wordpress::
vsourz	advanced_cf7_db	1.9.1	cpe:2.3:a:vsourz:advanced_cf7_db:1.9.1:::::wordpress::

References

github.com/IthacaLabs/Vsourz-Digital/blob/main/AdvancedContactForm_CF7_DB_XSS/

github.com/IthacaLabs/Vsourz-Digital/blob/main/AdvancedContactForm_CF7_DB_XSS/AdvancedContactForm_CF7_DB_XSS.txt

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.1%

JSON

Related for NVD:CVE-2022-45285

cvelist1 cve1 prion1