CVE-2022-2843Cross-site Scripting in Timetable AND Event Schedule

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
CNA3.5
EPSS
0.3%
top 45.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Motopress Timetable AND Event Schedule
Timeline
PublishedAug 16
Latest updateAug 17

Description

A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument post_title with the input leads to cross site scripting. The attack may be launched remotely. VDB-206486 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-mcfr-r844-v779: A vulnerability was found in MotoPress Timetable and Event Schedule2022-08-17
CVEList
MotoPress Timetable and Event Schedule Quick Edit admin-ajax.php cross site scripting2022-08-16
CVE-2022-2843 — Cross-site Scripting | cvebase