CVE-2022-3823

EPSS 0.28%
Veröffentlicht 28.11.2022 14:15:14
Zuletzt bearbeitet 25.04.2025 15:15:31
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Mögliche Gegenmaßnahme

Beautiful Cookie Consent Banner: Update to version 2.9.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Beautiful Cookie Consent Banner

Version * - 2.9.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Beautiful-cookie-banner ≫ Beautiful Cookie Consent Banner SwPlatformwordpress Version < 2.9.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.509

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

https://wpscan.com/vulnerability/a072b091-5e5f-4e88-bd3d-2f4582e6564e

Third Party Advisory

https://wpscan.com/vulnerability/a072b091-5e5f-4e88-bd3d-2f4582e6564e/

https://www.wordfence.com/threat-intel/vulnerabilities/id/dd1b6b89-6c3c-4956-aa99-798ce186eb97

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3823

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3823

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3823

EUVD