Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for support_svg by sayedulsayem

    CVE-2024-4272 (GCVE-0-2024-4272)

    Vulnerability from nvd – Published: 2024-07-13 06:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Support SVG < 1.1.0 - Stored XSS via SVG Upload
    Summary
    The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/ed1b1540-a0e2-43… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Support SVG Affected: 0 , < 1.1.0 (semver)
    Create a notification for this product.
    support_svg support_svg_wordpress Affected: 0 , < 1.1.0 (custom)
        cpe:2.3:a:support_svg:support_svg_wordpress:1.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Rayhan Ramdhany Hanaputra WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:support_svg:support_svg_wordpress:1.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "support_svg_wordpress",
                "vendor": "support_svg",
                "versions": [
                  {
                    "lessThan": "1.1.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4272",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-15T14:30:35.801114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-15T14:34:09.083Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:53.006Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/ed1b1540-a0e2-434e-8769-9532c3ed5e31/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Support SVG ",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rayhan Ramdhany Hanaputra"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Support SVG  WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-13T06:00:06.185Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/ed1b1540-a0e2-434e-8769-9532c3ed5e31/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Support SVG \u003c 1.1.0 - Stored XSS via SVG Upload",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-4272",
        "datePublished": "2024-07-13T06:00:06.185Z",
        "dateReserved": "2024-04-26T19:30:40.100Z",
        "dateUpdated": "2024-08-01T20:33:53.006Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4272 (GCVE-0-2024-4272)

    Vulnerability from cvelistv5 – Published: 2024-07-13 06:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Support SVG < 1.1.0 - Stored XSS via SVG Upload
    Summary
    The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/ed1b1540-a0e2-43… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Support SVG Affected: 0 , < 1.1.0 (semver)
    Create a notification for this product.
    support_svg support_svg_wordpress Affected: 0 , < 1.1.0 (custom)
        cpe:2.3:a:support_svg:support_svg_wordpress:1.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Rayhan Ramdhany Hanaputra WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:support_svg:support_svg_wordpress:1.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "support_svg_wordpress",
                "vendor": "support_svg",
                "versions": [
                  {
                    "lessThan": "1.1.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4272",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-15T14:30:35.801114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-15T14:34:09.083Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:53.006Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/ed1b1540-a0e2-434e-8769-9532c3ed5e31/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Support SVG ",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rayhan Ramdhany Hanaputra"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Support SVG  WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-13T06:00:06.185Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/ed1b1540-a0e2-434e-8769-9532c3ed5e31/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Support SVG \u003c 1.1.0 - Stored XSS via SVG Upload",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-4272",
        "datePublished": "2024-07-13T06:00:06.185Z",
        "dateReserved": "2024-04-26T19:30:40.100Z",
        "dateUpdated": "2024-08-01T20:33:53.006Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }