CVE-2022-34658 — Cross-site Scripting in Eden INC Download Manager

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 59.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

W3 Eden INC Download Manager W3eden Download Manager

Timeline

PublishedAug 23

Latest updateAug 24

Description

Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDw3eden/download_manager3.2.48

▶CVEListV5w3_eden_inc/download_manager3.2.48

Patches

Patch: patchstack.com ↗Patch: patchstack.com ↗

🔴Vulnerability Details

GHSA

GHSA-mv7j-q5r3-px2w: Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3↗2022-08-24

▶

CVEList

WordPress Download Manager plugin <= 3.2.48 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities↗2022-08-23

▶