GHSA-9mf2-hpj4-rw3r

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-9mf2-hpj4-rw3r/GHSA-9mf2-hpj4-rw3r.json

Aliases

CVE-2022-3788

Published

2022-11-01T19:00:30Z

Modified

2023-03-18T05:53:59.680137Z

Details

A cross-site scripting vulnerability was found in an unknown function of the component Table Import Handler. The manipulation of the argument Import data leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-3788
https://drive.google.com/file/d/10tk6wEh1hdkb2vVoqJqZJZsOtfxpniyY/view
https://drive.google.com/file/d/1iRUtJYUZB0Ho-2Aqyw7TCtFN9L96UDfs/view
https://github.com/TablePress/TablePress
https://vuldb.com/?id.212610

Affected packages

Packagist / tobiasbg/tablepress

tobiasbg/tablepress

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Affected versions

1.*

1.10.0

1.11.0

1.12.0

1.13.0

1.14.0

1.2.0

1.3.0

1.4.0

1.5.0

1.5.1

1.6.0

1.6.1

1.7.0

1.8.0

1.8.1

1.9.0

1.9.1

1.9.2

2.*

2.0

2.0-RC1

2.0-RC2

2.0-RC3

2.0-beta1

2.0-beta2

2.0.1

2.0.2

2.0.3

2.0.4

Database specific

{
    "last_known_affected_version_range": "<= 2.0-RC1"
}