5.3
CVE-2022-3941
- EPSS 0.69%
- Veröffentlicht 11.11.2022 07:15:14
- Zuletzt bearbeitet 21.11.2024 07:20:34
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginActivity Log Plugin HTTP Header neutralization for logs
A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Activity Log Project ≫ Activity Log Version- SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.69% | 0.477 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| cna@vuldb.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-116 Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
CWE-707 Improper Neutralization
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
https://drive.google.com/file/d/1YNOLomPC95rRvtk0topUhStVIa7Y8lcq/view
https://drive.google.com/file/d/1x-pgK3_-uS7NWfkEt_tk4Wc9FhXk-pYX/view
https://vuldb.com/?id.213448