CVE-2023-24400

2023-05-0700:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-24400

auth

contributor+

cross-site scripting

xss

vulnerability

hu-manity.co

cookie notice

compliance

gdpr

ccpa

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.7%

JSON

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.4.6 versions.

Affected configurations

Vulners

NVD

Node

hu-manity.cocookie_notice_\&_compliance_for_gdpr_\/_ccpaRange≤2.4.6

CPENameOperatorVersion
hu-manity:cookie_notice_\&_compliance_for_gdpr_\/_ccpahu-manity cookie notice & compliance for gdpr / ccpalt2.4.7

CPE	Name	Operator	Version
hu-manity:cookie_notice_\&_compliance_for_gdpr_\/_ccpa	hu-manity cookie notice & compliance for gdpr / ccpa	lt	2.4.7

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "cookie-notice",
    "product": "Cookie Notice & Compliance for GDPR / CCPA",
    "vendor": "Hu-manity.co",
    "versions": [
      {
        "changes": [
          {
            "at": "2.4.7",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.4.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/cookie-notice/wordpress-cookie-notice-compliance-for-gdpr-ccpa-plugin-2-4-6-cross-site-scripting-xss-vulnerability