CVE-2023-32516

2023-08-2412:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-32516

unauthenticated

cross-site scripting

xss

gloriafood

restaurant menu

food ordering system

table reservation plugin

nvd

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.0%

JSON

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions.

Affected configurations

Vulners

NVD

Node

gloriafoodrestaurant_menu_–_food_ordering_system_–_table_reservationRange≤2.3.6

CPENameOperatorVersion
oracle:restaurant_menu_-_food_ordering_system_-_table_reservationoracle restaurant menu - food ordering system - table reservationle2.3.6

CPE	Name	Operator	Version
oracle:restaurant_menu_-_food_ordering_system_-_table_reservation	oracle restaurant menu - food ordering system - table reservation	le	2.3.6

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "menu-ordering-reservations",
    "product": "Restaurant Menu – Food Ordering System – Table Reservation",
    "vendor": "GloriaFood",
    "versions": [
      {
        "changes": [
          {
            "at": "2.3.7",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.3.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/menu-ordering-reservations/wordpress-restaurant-menu-food-ordering-system-table-reservation-plugin-2-3-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve