Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05bWYyLWhwajQtcnczcs4AAvoJ

TablePress Plugin vulnerable to Cross-site Scripting

A cross-site scripting vulnerability was found in an unknown function of the component Table Import Handler. The manipulation of the argument Import data leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Permalink: https://github.com/advisories/GHSA-9mf2-hpj4-rw3r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05bWYyLWhwajQtcnczcs4AAvoJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: almost 2 years ago


CVSS Score: 4.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-9mf2-hpj4-rw3r, CVE-2022-3788
References: Blast Radius: 1.0

Affected Packages

packagist:tobiasbg/tablepress
Dependent packages: 0
Dependent repositories: 0
Downloads: 12,716 total
Affected Version Ranges: <= 2.0-RC1
No known fixed version
All affected versions: