Lucene search
HistoryMay 15, 2023 - 1:15 p.m.
CVE-2023-1596
cve
2023
1596
reflected cross-site scripting
tagdiv composer
wordpress plugin
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
31.1%
The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected configurations
Node
tagdivtagdiv_composerRange<4.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tagdiv | tagdiv_composer | * | cpe:2.3:a:tagdiv:tagdiv_composer:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "tagDiv Composer",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "4.0"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
CVE-2023-1596 tagDiv Composer < 4.0 - Reflected Cross-site Scripting
2023-05-15 12:15:36
nvd
nvd
CVE-2023-1596
2023-05-15 13:15:10
wpexploit
wpexploit
tagDiv Composer < 4.0 - Reflected Cross-site Scripting
2023-04-24 00:00:00
wpvulndb
wpvulndb
tagDiv Composer < 4.0 - Reflected Cross-site Scripting
2023-04-24 00:00:00
prion
prion
Cross site scripting
2023-05-15 13:15:00
alpinelinux
alpinelinux
CVE-2023-1596
2023-05-15 13:15:10
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
31.1%
Related for CVE-2023-1596