Lucene search

[email protected]CVE-2023-47872

HistoryNov 30, 2023 - 5:15 p.m.

CVE-2023-47872

2023-11-3017:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-47872

stored xss

gvectors team

wpforo forum

security vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.

CPENameOperatorVersion
gvectors:wpforo_forumgvectors wpforo forumle2.2.3
gvectors:wpforo_forumgvectors wpforo forumeq1.2.0
gvectors:wpforo_forumgvectors wpforo forumeq1.0.1
gvectors:wpforo_forumgvectors wpforo forumeq1.9.4
gvectors:wpforo_forumgvectors wpforo forumeq1.9.1
gvectors:wpforo_forumgvectors wpforo forumeq1.4.6
gvectors:wpforo_forumgvectors wpforo forumeq1.7.4
gvectors:wpforo_forumgvectors wpforo forumeq1.9.3
gvectors:wpforo_forumgvectors wpforo forumeq1.1.1
gvectors:wpforo_forumgvectors wpforo forumeq2.1.0

CPE	Name	Operator	Version
gvectors:wpforo_forum	gvectors wpforo forum	le	2.2.3
gvectors:wpforo_forum	gvectors wpforo forum	eq	1.2.0
gvectors:wpforo_forum	gvectors wpforo forum	eq	1.0.1
gvectors:wpforo_forum	gvectors wpforo forum	eq	1.9.4
gvectors:wpforo_forum	gvectors wpforo forum	eq	1.9.1
gvectors:wpforo_forum	gvectors wpforo forum	eq	1.4.6
gvectors:wpforo_forum	gvectors wpforo forum	eq	1.7.4
gvectors:wpforo_forum	gvectors wpforo forum	eq	1.9.3
gvectors:wpforo_forum	gvectors wpforo forum	eq	1.1.1
gvectors:wpforo_forum	gvectors wpforo forum	eq	2.1.0

Rows per page:

1-10 of 851

References

patchstack.com/database/vulnerability/wpforo/wordpress-wpforo-plugin-2-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for CVE-2023-47872

wpvulndb1 prion1 cvelist1 wordfence1