Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05bWYyLWhwajQtcnczcs4AAvoJ
TablePress Plugin vulnerable to Cross-site Scripting
A cross-site scripting vulnerability was found in an unknown function of the component Table Import Handler. The manipulation of the argument Import data leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Permalink: https://github.com/advisories/GHSA-9mf2-hpj4-rw3rJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05bWYyLWhwajQtcnczcs4AAvoJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: almost 2 years ago
CVSS Score: 4.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-9mf2-hpj4-rw3r, CVE-2022-3788
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-3788
- https://drive.google.com/file/d/10tk6wEh1hdkb2vVoqJqZJZsOtfxpniyY/view
- https://drive.google.com/file/d/1iRUtJYUZB0Ho-2Aqyw7TCtFN9L96UDfs/view
- https://vuldb.com/?id.212610
- https://github.com/advisories/GHSA-9mf2-hpj4-rw3r
Affected Packages
packagist:tobiasbg/tablepress
Dependent packages: 0Dependent repositories: 0
Downloads: 12,716 total
Affected Version Ranges: <= 2.0-RC1
No known fixed version
All affected versions: