{"vulnerability": "CVE-2022-21662", "sightings": [{"uuid": "73c3dfcd-6a44-45b3-b822-1b7fa016069a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21662", "type": "seen", "source": "https://t.me/cibsecurity/35091", "content": "\u203c CVE-2022-21662 \u203c\n\nWordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-07T02:16:27.000000Z"}, {"uuid": "ac3dcd6b-db9e-45a6-8529-fac41dc5e3da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21662", "type": "published-proof-of-concept", "source": "https://t.me/HelixsCrewOfficial/133", "content": "WordPress: Stored XSS through authenticated users\n\nCVE ID :\nCVE-2022-21662\n\nImpact :\nLow-privileged users such as an author can execute JavaScript/perform a Stored XSS attack, which can affect users with higher privileges such as an administrator.\n\nReferences :\nhttps://wordpress.org/news/category/releases/\nhttps://hackerone.com/reports/425342\n\nseverity level rated high, 8.0/10\n\nThis vulnerability is in the \"title\" of an article created by a user; with a simple payload the XSS will execute. In the image I tried creating an article (WordPress Version 5.8.2) with a user account and placing a payload from XSS hunter in the article title; if someone opens the article I created, the payload will execute. This Stored XSS in WordPress can be used by an attacker to steal other users' cookies. This type of vulnerability was fixed in version 5.8.3 together with 3 other vulnerabilities.\n\n#HelixsID\n#BugHunt", "creation_timestamp": "2022-01-16T02:11:15.000000Z"}]}