CVE-2022-3506
Published: 2022-10-14
Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3.
Priority: P4 · 29 · medium · 5.4 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.11% (61.9th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barrykooij | barrykooij_related-posts-for-wp | >= unspecified < 2.1.3 | 2.1.3 |
| never5 | related_posts | < 2.1.3 | 2.1.3 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | 3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N |
The two NVD vectors disagree on the attack preconditions: the v3.0 vector assumes a high-privilege attacker and no victim interaction (PR:H/UI:N), while the current v3.1 vector assumes a low-privilege attacker and a victim who has to view the injected content (PR:L/UI:R). Prioritise on the v3.1 vector, which is the one NVD currently publishes.
GHSA
GHSA-j5xh-7x7x-vvpj · ghsa_unreviewed · 2022-10-14 · CVE-2022-3506 · MEDIUM · CWE-79
Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3.
No detection rules found.
Nuclei
WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting
nuclei · CVE-2022-3506 · MEDIUM · CVSS 5.4
Template (the indexed copy is truncated; the matcher tail and the nonce extractor are shown as recorded):
```yaml
WordPress Related Posts ")'
          - "contains(body_4, 'The amount of automatically')"
        condition: and
    extractors:
      - type: regex
        name: nonce
        group: 1
        regex:
          - 'name="_wpnonce" value="([0-9a-z]+)" />'
        internal: true
        part: body
# digest: 4a0a00473045022100814d11097c70d4658957a2dd73ccd24f97ed96c7a70256aa1cc9a46cb92378fe022044f250b89bb9910a4e5ec15028127eb17aff5c3ddec7d5da5c0abf7059db077c:922c64590222798bb761d5b6d8e72950
```
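The template above does two things a stored-XSS check against a WordPress settings page always needs: it fingerprints the page on a known string and harvests the `_wpnonce` so a follow-up POST can store a payload. The added example below (written for this page; not the plugin's code and not the Nuclei template) models the other half as well: a stand-in settings form that echoes a saved option either raw (the pre-fix pattern for CWE-79) or attribute-escaped (what WordPress's `esc_attr()` gives you), and a verdict function that only flags the page when the marker comes back unescaped, so an entity-encoded copy does not produce a false positive. The form HTML, the field name `rp4wp_title`, the nonce value and the marker are all constructed for the example.

```python
"""Stored-XSS check for a WordPress plugin settings page (added example).

Illustration code written for this page, not the Related Posts for WordPress
plugin's own code and not the Nuclei template. It models the two halves of a
stored-XSS test against a settings form:

  1. the plugin rendering a saved option back into an <input value="...">
     (pre-fix pattern: raw echo; hardened pattern: attribute-escaped output,
     which is what WordPress's esc_attr() provides);
  2. the verification step a scanner performs: pick up the _wpnonce with the
     regex from the indexed Nuclei template, then decide whether a marker the
     tester saved came back unescaped.

The form HTML, the nonce, the field name "rp4wp_title" and the marker are all
constructed for this example.
"""
import html
import re
from typing import Optional

# Same extractor regex as the indexed Nuclei template.
NONCE_RE = re.compile(r'name="_wpnonce" value="([0-9a-z]+)" />')

# Marker a tester would save into a free-text setting. The leading '">' is the
# part that matters: echoed raw, it terminates the value="" attribute and the
# remainder becomes markup.
MARKER = '"><img src=x onerror=alert(1)>'


def render_settings_page(saved_title: str, nonce: str, escape_output: bool) -> str:
    """Stand-in for the plugin's settings form (constructed HTML).

    escape_output=False reproduces the vulnerable pattern: the stored option
    is interpolated verbatim. escape_output=True is the hardened pattern:
    quotes, '<' and '>' are entity-encoded before they reach the attribute.
    """
    value = html.escape(saved_title, quote=True) if escape_output else saved_title
    return (
        '<form method="post">\n'
        f'<input type="hidden" name="_wpnonce" value="{nonce}" />\n'
        f'<input type="text" name="rp4wp_title" value="{value}" />\n'
        '<p>The amount of automatically linked related posts.</p>\n'
        '</form>\n'
    )


def extract_nonce(body: str) -> Optional[str]:
    """Return the _wpnonce from a settings page, or None if no form is present."""
    m = NONCE_RE.search(body)
    return m.group(1) if m else None


def classify_reflection(body: str, marker: str = MARKER) -> str:
    """Classify how a previously saved marker comes back in the page.

    'unescaped': the raw marker is present, the attribute context is broken
                 and the payload would execute -> finding.
    'escaped':   only the entity-encoded form is present -> fixed behaviour.
    'absent':    the marker was not stored or is not rendered on this page.
    Checking for the raw string first means an encoded echo is never flagged.
    """
    if marker in body:
        return "unescaped"
    if html.escape(marker, quote=True) in body:
        return "escaped"
    return "absent"


def check_settings_page(body: str, marker: str = MARKER) -> dict:
    """One scanner step: fingerprint the page on the string the Nuclei template
    matches, harvest the nonce for the follow-up POST, and report the verdict."""
    return {
        "is_settings_page": "The amount of automatically" in body,
        "nonce": extract_nonce(body),
        "verdict": classify_reflection(body, marker),
    }


if __name__ == "__main__":
    nonce = "9f3e2c1b7a"  # constructed; real WordPress nonces are 10 hex chars
    for escaped in (False, True):
        page = render_settings_page(MARKER, nonce, escape_output=escaped)
        print("escape_output=%s -> %s" % (escaped, check_settings_page(page)))
```

Against a live target the same verdict logic applies after the POST that stores the marker: fetch the settings page again (and any front-end page that renders the option) and call `classify_reflection` on the body; a page that only contains `&quot;&gt;&lt;img ...` is the patched behaviour and must not be reported.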
No writeups or analysis indexed.
References
- https://github.com/barrykooij/related-posts-for-wp/commit/37733398dd88863fc0bdb3d6d378598429fd0b81
- https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828
Published: 2022-10-14