Lucene search

PatchstackCVE-2023-48317

HistoryNov 30, 2023 - 5:15 p.m.

CVE-2023-48317

2023-11-3017:15:11

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-48317

cross-site scripting

vulnerability

vikas vatsa

display custom post

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

5.8

Confidence

High

EPSS

Percentile

14.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vikas Vatsa Display Custom Post allows Stored XSS.This issue affects Display Custom Post: from n/a through 2.2.1.

Affected configurations

Nvd

Vulners

Node

vikasvatsadisplay_custom_postRange≤2.2.1wordpress

VendorProductVersionCPE
vikasvatsadisplay_custom_postcpe:/a:vikasvatsa:display_custom_post::::

Vendor	Product	Version	CPE
vikasvatsa	display_custom_post		cpe:/a:vikasvatsa:display_custom_post::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "display-custom-post",
    "product": "Display Custom Post",
    "vendor": "Vikas Vatsa",
    "versions": [
      {
        "lessThanOrEqual": "2.2.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/display-custom-post/wordpress-display-custom-post-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve