CVE-2023-23821

2023-04-0412:15:07

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-23821

cross-site scripting

xss

vulnerability

marcin pietrzak

interactive polish map plugin

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

21.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions.

Affected configurations

Nvd

Vulners

Node

interactive_polish_map_projectinteractive_polish_mapRange<1.2.1wordpress

VendorProductVersionCPE
interactive_polish_map_projectinteractive_polish_map*cpe:2.3:a:interactive_polish_map_project:interactive_polish_map:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
interactive_polish_map_project	interactive_polish_map	*	cpe:2.3:a:interactive_polish_map_project:interactive_polish_map::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "interactive-polish-map",
    "product": "Interactive Polish Map",
    "vendor": "Marcin Pietrzak",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/interactive-polish-map/wordpress-interactive-polish-map-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve