CVE-2022-3788 tobiasbg/tablepress

Package

Manager: composer
Name: tobiasbg/tablepress
Vulnerable Version: >=0 <=2.0-rc1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

TablePress Plugin vulnerable to Cross-site Scripting

A cross-site scripting vulnerability was found in an unknown function of the component Table Import Handler. Manipulation of the argument Import data leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Metadata

Created: 2022-11-01T19:00:30Z
Modified: 2022-11-02T18:17:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-9mf2-hpj4-rw3r/GHSA-9mf2-hpj4-rw3r.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9mf2-hpj4-rw3r
Finding: F425
Auto approve: 1