CVE-2023-50823

2023-12-2115:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-50823

web security

vulnerability

xss

wipeout media

css

javascript

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.This issue affects CSS & JavaScript Toolbox: from n/a through 11.7.

Affected configurations

Vulners

NVD

Node

wipeout_mediacss_\&_javascript_toolboxRange≤11.7

CPENameOperatorVersion
wipeoutmedia:css_\&_javascript_toolboxwipeoutmedia css & javascript toolboxle11.7

CPE	Name	Operator	Version
wipeoutmedia:css_\&_javascript_toolbox	wipeoutmedia css & javascript toolbox	le	11.7

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "css-javascript-toolbox",
    "product": "CSS & JavaScript Toolbox",
    "vendor": "Wipeout Media",
    "versions": [
      {
        "lessThanOrEqual": "11.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/css-javascript-toolbox/wordpress-css-javascript-toolbox-plugin-11-7-cross-site-scripting-xss-vulnerability?_s_id=cve