Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-1596HistoryMay 15, 2023 - 1:15 p.m.
CVE-2023-1596
2023-05-1513:15:10
Alpine Linux Development Team
security.alpinelinux.org
7
tagdiv composer
wordpress plugin
reflected cross-site scripting
high privilege users
admin
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
31.1%
The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.18-community | noarch | composer | = 2.6.5-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | composer | = 2.7.6-r0 | UNKNOWN |
| Alpine | edge-community | noarch | composer | = 2.7.7-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | composer | = 2.7.7-r0 | UNKNOWN |
Related
cvelist
cvelist
CVE-2023-1596 tagDiv Composer < 4.0 - Reflected Cross-site Scripting
2023-05-15 12:15:36
nvd
nvd
CVE-2023-1596
2023-05-15 13:15:10
wpexploit
wpexploit
tagDiv Composer < 4.0 - Reflected Cross-site Scripting
2023-04-24 00:00:00
cve
cve
CVE-2023-1596
2023-05-15 13:15:10
wpvulndb
wpvulndb
tagDiv Composer < 4.0 - Reflected Cross-site Scripting
2023-04-24 00:00:00
prion
prion
Cross site scripting
2023-05-15 13:15:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
31.1%
Related for ALPINE:CVE-2023-1596