CVE-2017-20177

A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The name of the patch is 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability.

CVSS v3.0 6.1 MEDIUM

6.1^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/joseconti/WangGuard/commit/88414951e30773c8d2ec13b99642688284bf3189	Patch
https://github.com/joseconti/WangGuard/pull/14	Issue Tracking Patch
https://vuldb.com/?id.220214	Third Party Advisory
https://vuldb.com/?ctiid.220214	Permissions Required Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:wangguard_project:wangguard:1.8.0:*:*:*:*:wordpress:*:*

Information

Published : 2023-02-06 12:15

Updated : 2023-02-13 18:19

NVD link : CVE-2017-20177

Mitre link : CVE-2017-20177

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

wangguard_project

wangguard

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/joseconti/WangGuard/commit/88414951e30773c8d2ec13b99642688284bf3189", "name": "https://github.com/joseconti/WangGuard/commit/88414951e30773c8d2ec13b99642688284bf3189", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://github.com/joseconti/WangGuard/pull/14", "name": "https://github.com/joseconti/WangGuard/pull/14", "tags": ["Issue Tracking", "Patch"], "refsource": "MISC"}, {"url": "https://vuldb.com/?id.220214", "name": "https://vuldb.com/?id.220214", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?ctiid.220214", "name": "https://vuldb.com/?ctiid.220214", "tags": ["Permissions Required", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The name of the patch is 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-20177", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}}, "publishedDate": "2023-02-06T20:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:wangguard_project:wangguard:1.8.0:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-14T02:19Z"}