GHSA-9mf2-hpj4-rw3r

Source
https://github.com/advisories/GHSA-9mf2-hpj4-rw3r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-9mf2-hpj4-rw3r/GHSA-9mf2-hpj4-rw3r.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9mf2-hpj4-rw3r
Aliases
  • CVE-2022-3788
Published
2022-11-01T19:00:30Z
Modified
2023-11-08T04:10:10.154960Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
TablePress Plugin vulnerable to Cross-site Scripting
Details

A cross-site scripting vulnerability was found in an unknown function of the Table Import Handler component. Manipulation of the argument Import data leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Database specific
{
    "nvd_published_at": "2022-11-01T14:15:00Z",
    "github_reviewed_at": "2022-11-02T18:17:35Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Packagist / tobiasbg/tablepress

Package

Name
tobiasbg/tablepress
Purl
pkg:composer/tobiasbg/tablepress

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
2.0-RC1

Affected versions

1.*

1.2.0
1.3.0
1.4.0
1.5.0
1.5.1
1.6.0
1.6.1
1.7.0
1.8.0
1.8.1
1.9.0
1.9.1
1.9.2
1.10.0
1.11.0
1.12.0
1.13.0
1.14.0

2.*

2.0-beta1
2.0-beta2
2.0-RC1