CVE-2023-28790

2023-09-2715:18:49

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-28790

authentication

stored xss

cross-site scripting

xss

vulnerability

brett shumaker

simple staff list plugin

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

14.2%

JSON

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions.

Affected configurations

Vulners

NVD

Node

brett_shumakersimple_staff_listRange≤2.2.3

CPENameOperatorVersion
simple_staff_list_project:simple_staff_listsimple staff list project simple staff listlt2.2.4

CPE	Name	Operator	Version
simple_staff_list_project:simple_staff_list	simple staff list project simple staff list	lt	2.2.4

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "simple-staff-list",
    "product": "Simple Staff List",
    "vendor": "Brett Shumaker",
    "versions": [
      {
        "changes": [
          {
            "at": "2.2.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.2.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]