VDB-206487 · CVE-2022-2844 · GCVE-100-206487

MotoPress Timetable and Event Schedule har 1.4.06 ka WordPress Calendar Subject/Location/Description Cross Site Scripting

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin MotoPress Timetable and Event Schedule har 1.4.06 on WordPress. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 na cikin fayil, Calendar Handler na cikin sashi. Ngam manipulation of the argument Subject/Location/Description shi Cross Site Scripting. CWE shidin ka a yi bayani matsala sai ya kai CWE-79. Gaskiya, laifi an fitar da shi 08/16/2022 ta Mostafa Farzaneh. Advisory ɗin ana rabawa don saukewa a vuldb.com. Wannan rauni ana sayar da shi da suna CVE-2022-2844. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro huɗɗi-na-gaskiya. Kama 0-day, an ndiyam a wuro be $0-$5k. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 Goyarwa · 66 Datenpunkte

Furɗe	Súgá 08/16/2022 15:51	Gargadi 1/2 09/17/2022 07:47	Gargadi 2/2 09/17/2022 07:54
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
person_name	Mostafa Farzaneh	Mostafa Farzaneh	Mostafa Farzaneh
exploit_availability	1	1	1
source_cve	CVE-2022-2844	CVE-2022-2844	CVE-2022-2844
cna_responsible	VulDB	VulDB	VulDB
software_vendor	MotoPress	MotoPress	MotoPress
software_name	Timetable and Event Schedule	Timetable and Event Schedule	Timetable and Event Schedule
software_version	<=1.4.06	<=1.4.06	<=1.4.06
software_platform	WordPress	WordPress	WordPress
software_component	Calendar Handler	Calendar Handler	Calendar Handler
software_file	/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2	/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2	/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2
software_argument	Subject/Location/Description	Subject/Location/Description	Subject/Location/Description
vulnerability_cwe	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)
advisory_date	1660600800 (08/16/2022)	1660600800 (08/16/2022)	1660600800 (08/16/2022)
software_type	WordPress Plugin	WordPress Plugin	WordPress Plugin
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.4	3.4	3.4
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.2	3.2	3.2
cvss3_meta_basescore	3.5	3.5	4.4
cvss3_meta_tempscore	3.2	3.2	4.3
price_0day	$0-$5k	$0-$5k	$0-$5k
advisory_url		https://vuldb.com/?id.206487	https://vuldb.com/?id.206487
cve_assigned		1660600800 (08/16/2022)	1660600800 (08/16/2022)
cve_nvd_summary		A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. This affects an unknown part of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 of the component Calendar Handler. The manipulation of the argument Subject/Location/Description leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-206487.	A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. This affects an unknown part of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 of the component Calendar Handler. The manipulation of the argument Subject/Location/Description leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-206487.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss3_nvd_basescore			6.1
cvss3_cna_basescore			3.5

◂ Gurɗo Gumti Gada ▸

Interested in the pricing of exploits?

See the underground prices here!