GHSA-9mf2-hpj4-rw3r

Suggest an improvement
Source
https://github.com/advisories/GHSA-9mf2-hpj4-rw3r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-9mf2-hpj4-rw3r/GHSA-9mf2-hpj4-rw3r.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-9mf2-hpj4-rw3r
Aliases
  • CVE-2022-3788
Published
2022-11-01T19:00:30Z
Modified
2023-11-01T04:59:41.126475Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
TablePress Plugin vulnerable to Cross-site Scripting
Details

A cross-site scripting vulnerability was found in an unknown function of the component Table Import Handler. The manipulation of the argument Import data leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Database specific
{
    "nvd_published_at": "2022-11-01T14:15:00Z",
    "github_reviewed_at": "2022-11-02T18:17:35Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Packagist / tobiasbg/tablepress

Package

Name
tobiasbg/tablepress
Purl
pkg:composer/tobiasbg/tablepress

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.0-RC1

Affected versions

1.*

1.2.0
1.3.0
1.4.0
1.5.0
1.5.1
1.6.0
1.6.1
1.7.0
1.8.0
1.8.1
1.9.0
1.9.1
1.9.2
1.10.0
1.11.0
1.12.0
1.13.0
1.14.0

2.*

2.0-beta1
2.0-beta2
2.0-RC1