CVE-2022-33994 - Vulnerability Details - OpenCVE

The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00274.

Key SSVC decision points have not yet been added.

Vendors	Products
Gutenberg Project	Gutenberg

Configuration 1 [-]

cpe:2.3:a:gutenberg_project:gutenberg:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-37027	The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/
https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-07-30T19:27:56

Updated: 2024-08-03T08:16:16.108Z

Reserved: 2022-06-19T00:00:00

Link: CVE-2022-33994

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-30T20:15:08.490

Modified: 2024-11-21T07:08:44.783

Link: CVE-2022-33994

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the \"Insert from URL\" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-09T01:28:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/"}, {"tags": ["x_refsource_MISC"], "url": "https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-33994", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the \"Insert from URL\" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/", "refsource": "MISC", "url": "https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/"}, {"name": "https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/", "refsource": "MISC", "url": "https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:16:16.108Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-33994", "datePublished": "2022-07-30T19:27:56", "dateReserved": "2022-06-19T00:00:00", "dateUpdated": "2024-08-03T08:16:16.108Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gutenberg_project:gutenberg:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "22DB944B-7AFF-4F23-8999-B2BBF1518F1E", "versionEndIncluding": "13.7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the \"Insert from URL\" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators."}, {"lang": "es", "value": "El plugin Gutenberg versiones hasta 13.7.3 para WordPress, permite un ataque de tipo XSS almacenado por el rol de Colaborador por medio de un documento SVG a la funcionalidad \"Insert from URL\". NOTA: la carga \u00fatil de tipo XSS no es ejecutada en el contexto del dominio de la instancia de WordPress; sin embargo, los intentos an\u00e1logos de usuarios poco privilegiados de hacer referencia a documentos SVG son bloqueados por algunos productos similares, y esta diferencia de comportamiento podr\u00eda tener relevancia de seguridad para algunos administradores de sitios de WordPress"}], "id": "CVE-2022-33994", "lastModified": "2024-11-21T07:08:44.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-30T20:15:08.490", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://patchstack.com/articles/patchstack-weekly-svg-xss-reported-in-gutenberg/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}