CVE-2023-1572 LOW

CVE-2023-1572: DataGear Plugin cross site scripting

Vendor N/A
Product DataGear
Weakness CWE-79 · XSS
Published March 22, 2023
Last update February 25, 2025
View on NVD All CVEs

CVSS base score

2.0/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223564.

Key dates

02Disclosure timeline

March 22, 2023 CVE published
February 25, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-54299 Extension - nobossextensions.com - Stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla CVE-2025-30610 WordPress WP Social Widget plugin <= 2.2.7 - Cross Site Scripting (XSS) Vulnerability CVE-2024-2772 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2025-22821 WordPress StorePress theme <= 1.0.12 - Cross Site Scripting (XSS) vulnerability CVE-2026-28126 WordPress RH Frontend Publishing Pro plugin < 4.3.4 - Cross Site Scripting (XSS) vulnerability