Lucene search

K
cve[email protected]CVE-2023-27429
HistoryJun 21, 2023 - 2:15 p.m.

CVE-2023-27429

2023-06-2114:15:09
CWE-79
web.nvd.nist.gov
13
cve-2023-27429
nvd
auth
stored
cross-site scripting
xss
automattic
jetpack crm
plugin

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

18.0%

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <=Β 5.4.4 versions.

Affected configurations

Vulners
NVD
Node
automattic_-_jetpack_crm_teamjetpack_crmRange≀5.4.4

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "zero-bs-crm",
    "product": "Jetpack CRM",
    "vendor": "Automattic - Jetpack CRM team",
    "versions": [
      {
        "changes": [
          {
            "at": "5.5.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.4.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

18.0%

Related for CVE-2023-27429