Lucene search

[email protected]CVE-2023-37976

HistoryJul 27, 2023 - 3:15 p.m.

CVE-2023-37976

2023-07-2715:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-37976

unauthenticated

reflected xss

cross-site scripting

radio forge muses player

skins plugin

nvd

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

19.6%

JSON

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Forge Muses Player with Skins plugin <= 2.5 versions.

Affected configurations

Vulners

NVD

Node

radio_forgeradio_forge_muses_player_with_skinsRange≤2.5

VendorProductVersionCPE
radioforgeradio_forge_muses_player_with_skinscpe:/a:radioforge:radio_forge_muses_player_with_skins::::

Vendor	Product	Version	CPE
radioforge	radio_forge_muses_player_with_skins		cpe:/a:radioforge:radio_forge_muses_player_with_skins::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "radio-forge",
    "product": "Radio Forge Muses Player with Skins",
    "vendor": "Radio Forge",
    "versions": [
      {
        "lessThanOrEqual": "2.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/radio-forge/wordpress-radio-forge-muses-player-with-skins-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve