NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2022-43500

Summary	Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Publication Date	Dec. 5, 2022, 1:15 p.m.
Registration Date	Dec. 5, 2022, 4 p.m.
Last Update	Nov. 21, 2024, 4:26 p.m.

CVSS3.1 : MEDIUM
スコア	6.1
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	要
影響の想定範囲(S)	変更あり
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:wordpress:wordpress::::::::		6.0			6.0.3
cpe:2.3:a:wordpress:wordpress::::::::		5.9			5.9.5
cpe:2.3:a:wordpress:wordpress::::::::		5.8			5.8.6
cpe:2.3:a:wordpress:wordpress::::::::		5.7			5.7.8
cpe:2.3:a:wordpress:wordpress::::::::		5.6			5.6.10
cpe:2.3:a:wordpress:wordpress::::::::		5.5			5.5.11
cpe:2.3:a:wordpress:wordpress::::::::		5.4			5.4.12
cpe:2.3:a:wordpress:wordpress::::::::		5.3			5.3.14
cpe:2.3:a:wordpress:wordpress::::::::		5.2			5.2.17
cpe:2.3:a:wordpress:wordpress::::::::		5.1			5.1.15
cpe:2.3:a:wordpress:wordpress::::::::		5.0			5.0.18
cpe:2.3:a:wordpress:wordpress::::::::		4.9			4.9.22
cpe:2.3:a:wordpress:wordpress::::::::		4.8			4.8.21
cpe:2.3:a:wordpress:wordpress::::::::		4.7			4.7.25
cpe:2.3:a:wordpress:wordpress::::::::		4.6			4.6.25
cpe:2.3:a:wordpress:wordpress::::::::		4.5			4.5.28
cpe:2.3:a:wordpress:wordpress::::::::		4.4			4.4.29
cpe:2.3:a:wordpress:wordpress::::::::		4.3			4.3.30
cpe:2.3:a:wordpress:wordpress::::::::		4.2			4.2.34
cpe:2.3:a:wordpress:wordpress::::::::		4.1			4.1.37
cpe:2.3:a:wordpress:wordpress::::::::		4.0			4.0.37
cpe:2.3:a:wordpress:wordpress::::::::		3.9			3.9.39
cpe:2.3:a:wordpress:wordpress::::::::		3.8			3.8.40
cpe:2.3:a:wordpress:wordpress::::::::					3.7.40

Related information, measures and tools

No	URL	refsource	タグ
1	https://jvn.jp/en/jp/JVN09409909/index.html		Third Party Advisory
2	https://jvn.jp/en/jp/JVN09409909/index.html		Third Party Advisory
3	https://wordpress.org/download/		Product
4	https://wordpress.org/download/		Product
5	https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/		Patch Release Notes Vendor Advisory
6	https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/		Patch Release Notes Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html