CVE-2023-41128

2023-11-3013:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-41128

vulnerability

cross-site scripting

xss

iqonic design

wp roadmap

product feedback board

security

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS.This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8.

Affected configurations

Vulners

NVD

Node

iqonic_designwp_roadmap_–_product_feedback_boardRange≤1.0.8

CPENameOperatorVersion
iqonic:wp_roadmapiqonic wp roadmaple1.0.8

CPE	Name	Operator	Version
iqonic:wp_roadmap	iqonic wp roadmap	le	1.0.8

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-roadmap",
    "product": "WP Roadmap – Product Feedback Board",
    "vendor": "Iqonic Design",
    "versions": [
      {
        "changes": [
          {
            "at": "1.0.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.0.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]