Lucene search

PatchstackCVE-2023-34006

HistoryJun 22, 2023 - 1:15 p.m.

CVE-2023-34006

2023-06-2213:15:10

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-34006

authentication

stored xss

marco milesi

telegram bot

channel plugin

security vulnerability

nvd

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

18.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions.

Affected configurations

Nvd

Vulners

Node

telegram_bot_\&_channel_projecttelegram_bot_\&_channelRange≤3.6.2wordpress

VendorProductVersionCPE
telegram_bot_\&_channel_projecttelegram_bot_\&_channel*cpe:2.3:a:telegram_bot_\&_channel_project:telegram_bot_\&_channel:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
telegram_bot_\&_channel_project	telegram_bot_\&_channel	*	cpe:2.3:a:telegram_bot_\&_channel_project:telegram_bot_\&_channel::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "telegram-bot",
    "product": "Telegram Bot & Channel",
    "vendor": "Marco Milesi",
    "versions": [
      {
        "changes": [
          {
            "at": "3.6.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.6.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/telegram-bot/wordpress-telegram-bot-channel-plugin-3-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve