FKIE_CVE-2022-2516

Vulnerability from fkie_nvd - Published: 2022-09-06 18:15 - Updated: 2024-11-21 07:01
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
security@wordfence.comhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2778808%40visualcomposer&new=2778808%40visualcomposer&sfp_email=&sfph_mail=Patch, Third Party Advisory
security@wordfence.comhttps://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2778808%40visualcomposer&new=2778808%40visualcomposer&sfp_email=&sfph_mail=Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516Third Party Advisory
Impacted products
Vendor Product Version
visualcomposer visual_composer_website_builder *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:visualcomposer:visual_composer_website_builder:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "72236E6D-2519-4BD6-9566-9E0ABD983BCF",
              "versionEndIncluding": "45.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page \u0027Title\u0027 value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    },
    {
      "lang": "es",
      "value": "El plugin Visual Composer Website Builder para WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Almacenado por medio del valor \"Title\" de la entrada/p\u00e1gina en versiones hasta 45.0 incluy\u00e9ndola, debido a un insuficiente saneo de la entrada y escape de la salida. Esto hace posible a atacantes autenticados con acceso al editor de visual composer inyecten scripts web arbitrarios en las p\u00e1ginas que ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada.\n"
    }
  ],
  "id": "CVE-2022-2516",
  "lastModified": "2024-11-21T07:01:09.420",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7,
        "source": "security@wordfence.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-06T18:15:14.133",
  "references": [
    {
      "source": "security@wordfence.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2778808%40visualcomposer\u0026new=2778808%40visualcomposer\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2778808%40visualcomposer\u0026new=2778808%40visualcomposer\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2516"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.