CVE-2022-0780 - Vulnerability Details - OpenCVE

The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.01135.

Key SSVC decision points have not yet been added.

Vendors	Products
Searchiq	Searchiq

Configuration 1 [-]

cpe:2.3:a:searchiq:searchiq:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-15832	The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://wpscan.com/vulnerability/0ee7d1a8-9782-4db5-b055-e732f2763825

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-04-18T17:10:36

Updated: 2024-08-02T23:40:04.226Z

Reserved: 2022-02-28T00:00:00

Link: CVE-2022-0780

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-04-18T18:15:08.473

Modified: 2024-11-21T06:39:22.980

Link: CVE-2022-0780

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "SearchIQ \u2013 The Search Solution", "vendor": "Unknown", "versions": [{"lessThan": "3.9", "status": "affected", "version": "3.9", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "cydave"}], "descriptions": [{"lang": "en", "value": "The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-18T17:10:36", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/0ee7d1a8-9782-4db5-b055-e732f2763825"}], "source": {"discovery": "EXTERNAL"}, "title": "SearchIQ < 3.9 - Unauthenticated Stored XSS", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-0780", "STATE": "PUBLIC", "TITLE": "SearchIQ < 3.9 - Unauthenticated Stored XSS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SearchIQ \u2013 The Search Solution", "version": {"version_data": [{"version_affected": "<", "version_name": "3.9", "version_value": "3.9"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "cydave"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/0ee7d1a8-9782-4db5-b055-e732f2763825", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/0ee7d1a8-9782-4db5-b055-e732f2763825"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:40:04.226Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/0ee7d1a8-9782-4db5-b055-e732f2763825"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-0780", "datePublished": "2022-04-18T17:10:36", "dateReserved": "2022-02-28T00:00:00", "dateUpdated": "2024-08-02T23:40:04.226Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:searchiq:searchiq:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A591BBDF-1A36-4065-8C08-0551E96A2EEA", "versionEndExcluding": "3.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter"}, {"lang": "es", "value": "El plugin SearchIQ de WordPress versiones anteriores a 3.9, contiene un flag para deshabilitar la verificaci\u00f3n de los nonces de tipo CSRF, lo que permite a atacantes no autenticados acceder a la acci\u00f3n siq_ajax AJAX y llevar a cabo ataques de tipo Cross-Site Scripting debido a una falta de saneo y escape en el par\u00e1metro customCss"}], "id": "CVE-2022-0780", "lastModified": "2024-11-21T06:39:22.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-18T18:15:08.473", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/0ee7d1a8-9782-4db5-b055-e732f2763825"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/0ee7d1a8-9782-4db5-b055-e732f2763825"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}]}