Lucene search

PatchstackCVE-2023-50830

HistoryDec 21, 2023 - 6:15 p.m.

CVE-2023-50830

2023-12-2118:15:07

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-50830

vulnerability

seosbg

seos contact form

stored xss

input neutralization

web security

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

AI Score

5.4

Confidence

High

EPSS

Percentile

14.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Seosbg Seos Contact Form allows Stored XSS.This issue affects Seos Contact Form: from n/a through 1.8.0.

Affected configurations

Nvd

Vulners

Node

seosthemesseos_contact_formRange≤1.8.0wordpress

VendorProductVersionCPE
seosthemesseos_contact_form*cpe:2.3:a:seosthemes:seos_contact_form:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
seosthemes	seos_contact_form	*	cpe:2.3:a:seosthemes:seos_contact_form::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "seos-contact-form",
    "product": "Seos Contact Form",
    "vendor": "Seosbg",
    "versions": [
      {
        "lessThanOrEqual": "1.8.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/seos-contact-form/wordpress-seos-contact-form-plugin-1-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve