CVE-2023-32294

2023-08-3016:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-32294

xss

cross-site scripting

radical web design

gdpr cookie consent notice box plugin

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

14.2%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Radical Web Design GDPR Cookie Consent Notice Box plugin <= 1.1.6 versions.

Affected configurations

Vulners

NVD

Node

radical_web_designgdpr_cookie_consent_notice_boxRange≤1.1.6

CPENameOperatorVersion
radicalwebdesign:gdpr_cookie_consent_notice_boxradicalwebdesign gdpr cookie consent notice boxle1.1.6

CPE	Name	Operator	Version
radicalwebdesign:gdpr_cookie_consent_notice_box	radicalwebdesign gdpr cookie consent notice box	le	1.1.6

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "cookie-consent-box",
    "product": "GDPR Cookie Consent Notice Box",
    "vendor": "Radical Web Design",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.7",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/cookie-consent-box/wordpress-gdpr-cookie-consent-notice-box-plugin-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve