CVE-2022-27231

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 46.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Veronalabs WP Statistics

Timeline

PublishedJun 13

Latest updateJun 14

Description

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDveronalabs/wp_statistics< 13.2.0

▶CVEListV5veronalabs/wp_statisticsversions prior to 13.2.0

🔴Vulnerability Details

GHSA

GHSA-fxpc-rm7r-rgg9: Cross-site scripting vulnerability exists in WP Statistics versions prior to 13↗2022-06-14

▶

CVEList

CVE-2022-27231: Cross-site scripting vulnerability exists in WP Statistics versions prior to 13↗2022-06-13

▶