CVE-2022-0431

{"id": "CVE-2022-0431", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-04-04T16:15:09.253", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/2690415", "tags": ["Patch", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/52bd94df-8816-48fd-8788-38d045eb57ca", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting"}, {"lang": "es", "value": "El plugin Insights from Google PageSpeed de WordPress versiones hasta 4.0.4, no sanea ni escapa de varios par\u00e1metros antes de devolverlos en atributos en el panel de configuraci\u00f3n del plugin, conllevando a un ataque de tipo Cross-Site Scripting Reflejado"}], "lastModified": "2022-04-11T17:51:35.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insights_from_google_pagespeed_project:insights_from_google_pagespeed:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F988C518-FA24-4E68-A453-BF662D062C13", "versionEndExcluding": "4.0.4"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}