Vulnerabilites related to Unknown - Greenshift
cve-2023-0378
Vulnerability from cvelistv5
Published
2023-02-21 08:50
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
References
▼ | URL | Tags |
---|---|---|
https://wpscan.com/vulnerability/3313cc05-2267-4d93-a8a8-2c0701c21f66 | exploit, vdb-entry, technical-description |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Unknown | Greenshift |
Version: 0 < 5.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description", "x_transferred" ], "url": "https://wpscan.com/vulnerability/3313cc05-2267-4d93-a8a8-2c0701c21f66" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "product": "Greenshift", "vendor": "Unknown", "versions": [ { "lessThan": "5.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lana Codes" }, { "lang": "en", "type": "coordinator", "value": "WPScan" } ], "descriptions": [ { "lang": "en", "value": "The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-21T08:50:43.727Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description" ], "url": "https://wpscan.com/vulnerability/3313cc05-2267-4d93-a8a8-2c0701c21f66" } ], "source": { "discovery": "EXTERNAL" }, "title": "Greenshift \u003c 5.0 - Contributor+ Stored XSS", "x_generator": { "engine": "WPScan CVE Generator" } } }, "cveMetadata": { "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2023-0378", "datePublished": "2023-02-21T08:50:43.727Z", "dateReserved": "2023-01-18T07:25:33.903Z", "dateUpdated": "2024-08-02T05:10:55.649Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4653
Vulnerability from cvelistv5
Published
2023-01-16 15:37
Modified
2024-08-03 01:48
Severity ?
EPSS score ?
Summary
The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
References
▼ | URL | Tags |
---|---|---|
https://wpscan.com/vulnerability/fa44ed44-9dac-4b4f-aaa3-503b76034578 | exploit, vdb-entry, technical-description |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Unknown | Greenshift |
Version: 0 < 4.8.9 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:48:38.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description", "x_transferred" ], "url": "https://wpscan.com/vulnerability/fa44ed44-9dac-4b4f-aaa3-503b76034578" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "product": "Greenshift", "vendor": "Unknown", "versions": [ { "lessThan": "4.8.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lana Codes" }, { "lang": "en", "type": "coordinator", "value": "WPScan" } ], "descriptions": [ { "lang": "en", "value": "The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-16T15:37:45.683Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description" ], "url": "https://wpscan.com/vulnerability/fa44ed44-9dac-4b4f-aaa3-503b76034578" } ], "source": { "discovery": "EXTERNAL" }, "title": "Greenshift \u2013 animation and page builder blocks \u003c 4.8.9 - Contributor+ Stored XSS via Shortcode", "x_generator": { "engine": "WPScan CVE Generator" } } }, "cveMetadata": { "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-4653", "datePublished": "2023-01-16T15:37:45.683Z", "dateReserved": "2022-12-22T09:46:40.281Z", "dateUpdated": "2024-08-03T01:48:38.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }