Lucene search

K
cve[email protected]CVE-2023-4250
HistoryOct 31, 2023 - 2:15 p.m.

CVE-2023-4250

2023-10-3114:15:11
CWE-79
web.nvd.nist.gov
8
eventprime
wordpress
plugin
cve-2023-4250
security
xss
nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Affected configurations

Vulners
NVD
Node
metagausseventprimeRange<3.2.0
VendorProductVersionCPE
metagausseventprime*cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "EventPrime",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.2.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

Related for CVE-2023-4250