CVE-2022-33994

30.07.2022, 20:15

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3 LOW	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Vendor	Product	Version
gutenberg_project	gutenberg	𝑥 ≤ 13.7.3

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/

https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/

https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/

https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/