CVE-2023-28169

2023-05-0813:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-28169

auth

stored xss

corefortress

easy event

calendar plugin

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.7%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions.

Affected configurations

Vulners

NVD

Node

corefortresseasy_event_calendarRange≤1.0

CPENameOperatorVersion
easy_event_calendar_project:easy_event_calendareasy event calendar project easy event calendarle1.0

CPE	Name	Operator	Version
easy_event_calendar_project:easy_event_calendar	easy event calendar project easy event calendar	le	1.0

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "easy-event-calendar",
    "product": "Easy Event calendar",
    "vendor": "CoreFortress",
    "versions": [
      {
        "lessThanOrEqual": "1.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]