Byte Open Security

(ByteOS Network)

Vulnerability Details :

CVE-2022-4755

Summary
Assigner: VulDB
Assigner Org ID: 1af790b2-7ee1-4545-860a-a788eba489b5
Published At: 27 Dec, 2022 | 09:39
Updated At: 17 May, 2024 | 02:16

FlatPress Media Manager Plugin panel.mediamanager.file.php main cross site scripting

A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scripting. The attack may be initiated remotely. The name of the patch is d3f329496536dc99f9707f2f295d571d65a496f5. It is recommended to apply a patch to fix this issue. The identifier VDB-216869 was assigned to this vulnerability.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner: VulDB
Assigner Org ID: 1af790b2-7ee1-4545-860a-a788eba489b5
Published At: 27 Dec, 2022 | 09:39
▼CVE Numbering Authority (CNA)

Affected Products
Vendor: n/a
Product: FlatPress
Modules:
  • Media Manager Plugin
Affected versions:
  • n/a
Problem Types
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Cross Site Scripting
Metrics
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Version: 3.0
Base score: 3.5
Base severity: LOW
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Timeline
Event: Advisory disclosed
Date: 2022-12-27 00:00:00

Event: VulDB entry created
Date: 2022-12-27 01:00:00

Event: VulDB last update
Date: 2022-12-27 10:44:08
References
Hyperlink: https://vuldb.com/?id.216869
Resource: vdb-entry, technical-description

Hyperlink: https://vuldb.com/?ctiid.216869
Resource: signature, permissions-required

Hyperlink: https://github.com/flatpressblog/flatpress/issues/177
Resource: issue-tracking

Hyperlink: https://github.com/flatpressblog/flatpress/commit/d3f329496536dc99f9707f2f295d571d65a496f5
Resource: patch
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: cna@vuldb.com
Published At: 27 Dec, 2022 | 10:15
Updated At: 17 May, 2024 | 02:16

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Secondary
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CPE Matches

cpe:2.3:a:flatpress:flatpress:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-79
Type: Primary
Source: cna@vuldb.com
References
Hyperlink: https://github.com/flatpressblog/flatpress/commit/d3f329496536dc99f9707f2f295d571d65a496f5
Source: cna@vuldb.com
Resource: Patch, Third Party Advisory

Hyperlink: https://github.com/flatpressblog/flatpress/issues/177
Source: cna@vuldb.com
Resource: Issue Tracking, Patch, Third Party Advisory

Hyperlink: https://vuldb.com/?ctiid.216869
Source: cna@vuldb.com
Resource: Third Party Advisory

Hyperlink: https://vuldb.com/?id.216869
Source: cna@vuldb.com
Resource: Third Party Advisory
