Lucene search

PatchstackCVE-2023-50827

HistoryDec 21, 2023 - 3:15 p.m.

CVE-2023-50827

2023-12-2115:15:12

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-50827

improper neutralization of input

cross-site scripting

accredible certificates & open badges

stored xss

nvd

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

AI Score

5.4

Confidence

High

EPSS

Percentile

14.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS.This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8.

Affected configurations

Nvd

Vulners

Node

accredibleaccredible_certificates_\&_open_badgesRange≤1.4.8wordpress

VendorProductVersionCPE
accredibleaccredible_certificates_\&_open_badges*cpe:2.3:a:accredible:accredible_certificates_\&_open_badges:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
accredible	accredible_certificates_\&_open_badges	*	cpe:2.3:a:accredible:accredible_certificates_\&_open_badges::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "accredible-certificates",
    "product": "Accredible Certificates & Open Badges",
    "vendor": "Accredible",
    "versions": [
      {
        "lessThanOrEqual": "1.4.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/accredible-certificates/wordpress-accredible-certificates-open-badges-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve