Lucene search

K
cve[email protected]CVE-2023-27425
HistoryApr 23, 2023 - 11:15 a.m.

CVE-2023-27425

2023-04-2311:15:07
CWE-79
web.nvd.nist.gov
15
cve-2023-27425
authentication
stored xss
cross-site scripting
vulnerability
james irving-swift electric studio client login plugin
nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

4.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.5%

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions.

Affected configurations

Vulners
NVD
Node
james_irving-swiftelectric_studio_client_loginRange0.8.1

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "electric-studio-client-login",
    "product": "Electric Studio Client Login",
    "vendor": "James Irving-Swift",
    "versions": [
      {
        "lessThanOrEqual": "0.8.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

4.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.5%

Related for CVE-2023-27425