Lucene search

[email protected]CVE-2023-27922

HistoryMay 23, 2023 - 2:15 a.m.

CVE-2023-27922

2023-05-2302:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023

newsletter

xss

vulnerability

security

remote attacker

unauthenticated

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.003 Low

EPSS

Percentile

68.4%

JSON

Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script.

Affected configurations

Vulners

NVD

Node

stefano_lissa_\&_the_newsletter_teamnewsletterRange<7.6.9

CPENameOperatorVersion
thenewsletterplugin:newsletterthenewsletterplugin newsletterlt7.6.9

CPE	Name	Operator	Version
thenewsletterplugin:newsletter	thenewsletterplugin newsletter	lt	7.6.9

CNA Affected

[
  {
    "vendor": "Stefano Lissa & The Newsletter Team",
    "product": "Newsletter",
    "versions": [
      {
        "version": "versions prior to 7.6.9",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN59341308/

wordpress.org/plugins/newsletter/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.003 Low

EPSS

Percentile

68.4%

JSON

Related for CVE-2023-27922

nuclei1 jvn1 wpvulndb1 cvelist1 wpexploit1 prion1 nvd1