CVE-2023-49172

2023-12-1416:15:50

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-49172

reflected xss

braincert

virtual classroom

web security

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

6.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BrainCert BrainCert – HTML5 Virtual Classroom allows Reflected XSS.This issue affects BrainCert – HTML5 Virtual Classroom: from n/a through 1.30.

Affected configurations

Vulners

NVD

Node

braincertvirtual_classroomRange≤1.30

VendorProductVersionCPE
braincertvirtual_classroom*cpe:2.3:a:braincert:virtual_classroom:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
braincert	virtual_classroom	*	cpe:2.3:a:braincert:virtual_classroom::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "html5-virtual-classroom",
    "product": "BrainCert – HTML5 Virtual Classroom",
    "vendor": "BrainCert",
    "versions": [
      {
        "lessThanOrEqual": "1.30",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/html5-virtual-classroom/wordpress-braincert-html5-virtual-classroom-plugin-1-30-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve