Lucene search

PatchstackCVE-2023-23979

HistoryApr 06, 2023 - 6:15 a.m.

CVE-2023-23979

2023-04-0606:15:08

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-23979

unauthenticated

stored xss

cross-site scripting

fullworks quick event manager plugin

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

31.3%

JSON

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions.

Affected configurations

Nvd

Vulners

Node

fullworkspluginsquick_event_managerRange<9.7.5wordpress

VendorProductVersionCPE
fullworkspluginsquick_event_manager*cpe:2.3:a:fullworksplugins:quick_event_manager:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
fullworksplugins	quick_event_manager	*	cpe:2.3:a:fullworksplugins:quick_event_manager::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "quick-event-manager",
    "product": "Quick Event Manager",
    "vendor": "Fullworks",
    "versions": [
      {
        "changes": [
          {
            "at": "9.7.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "9.7.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/quick-event-manager/wordpress-quick-event-manager-plugin-9-7-4-cross-site-scripting-xss?_s_id=cve