gsd - gsd-2017-2168

gsd-2017-2168

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Aliases

CVE-2017-2168

Aliases

CVE-2017-2168

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2168",
    "description": "Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2017-2168"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2168"
      ],
      "details": "Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2017-2168",
      "modified": "2023-12-13T01:21:05.941446Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-2168",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WP Booking System Free version",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to version 1.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WP Booking System Premium version",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to version 3.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "WP Booking System"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-site scripting"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#96165722",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN96165722/index.html"
          },
          {
            "name": "https://wpvulndb.com/vulnerabilities/8830",
            "refsource": "MISC",
            "url": "https://wpvulndb.com/vulnerabilities/8830"
          },
          {
            "name": "JVNDB-2017-000092",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000092"
          },
          {
            "name": "https://wordpress.org/plugins/wp-booking-system/#developers",
            "refsource": "CONFIRM",
            "url": "https://wordpress.org/plugins/wp-booking-system/#developers"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:wpbookingsystem:wp_booking_system:*:*:*:*:premium:wordpress:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wpbookingsystem:wp_booking_system:*:*:*:*:free:wordpress:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.3.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2168"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/wp-booking-system/#developers",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://wordpress.org/plugins/wp-booking-system/#developers"
            },
            {
              "name": "JVN#96165722",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN96165722/index.html"
            },
            {
              "name": "JVNDB-2017-000092",
              "refsource": "JVNDB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000092"
            },
            {
              "name": "https://wpvulndb.com/vulnerabilities/8830",
              "refsource": "MISC",
              "tags": [],
              "url": "https://wpvulndb.com/vulnerabilities/8830"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-07-17T13:18Z",
      "publishedDate": "2017-05-22T16:29Z"
    }
  }
}

CVE-2017-2168 (GCVE-0-2017-2168)

Vulnerability from cvelistv5

Published

2017-05-22 16:00

Modified

2024-08-05 13:48

Severity ?

CWE

Cross-site scripting

Summary

References

URL

Tags

	https://jvn.jp/en/jp/JVN96165722/index.html	third-party-advisory, x_refsource_JVN
	https://wpvulndb.com/vulnerabilities/8830	x_refsource_MISC
	http://jvndb.jvn.jp/jvndb/JVNDB-2017-000092	third-party-advisory, x_refsource_JVNDB
	https://wordpress.org/plugins/wp-booking-system/#developers	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

WP Booking System

WP Booking System Free version

Version: prior to version 1.4

WP Booking System

WP Booking System Premium version

Version: prior to version 3.7

Show details on NVD website