CVE-2022-4227

{"id": "CVE-2022-4227", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-12-26T13:15:13.777", "references": [{"url": "https://wpscan.com/vulnerability/90d3022c-5d35-4ef2-ab87-6919268db890", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/90d3022c-5d35-4ef2-ab87-6919268db890", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting"}, {"lang": "es", "value": "El complemento Booster para WooCommerce de WordPress anterior a 5.6.3, el complemento de WordPress Booster Plus para WooCommerce anterior a 6.0.0 y el complemento de WordPress Booster Elite para WooCommerce anterior a 6.0.0 no escapan de algunas URL y par\u00e1metros antes de devolverlos en atributos, lo que lleva a Cross-Site Scripting Reflejado"}], "lastModified": "2025-04-14T14:15:22.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:booster:booster_elite_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A1FACFE0-A020-4C6E-97D0-33379E099105", "versionEndExcluding": "6.0.0"}, {"criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "544E1476-3E5F-42FF-9B2B-0B6FB54656D5", "versionEndExcluding": "5.6.3"}, {"criteria": "cpe:2.3:a:booster:booster_plus_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "73A30B72-C945-490B-9570-8E9A3CFB616E", "versionEndExcluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}