CVE-2023-50833

2023-12-2118:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-50833

cross-site scripting

xss

extendthemes

colibri page builder

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ExtendThemes Colibri Page Builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through 1.0.239.

Affected configurations

Vulners

NVD

Node

extendthemescolibri_page_builderRange≤1.0.239

VendorProductVersionCPE
extendthemescolibri_page_builder*cpe:2.3:a:extendthemes:colibri_page_builder:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
extendthemes	colibri_page_builder	*	cpe:2.3:a:extendthemes:colibri_page_builder::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "colibri-page-builder",
    "product": "Colibri Page Builder",
    "vendor": "ExtendThemes",
    "versions": [
      {
        "lessThanOrEqual": "1.0.239",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/colibri-page-builder/wordpress-colibri-page-builder-plugin-1-0-239-cross-site-scripting-xss-vulnerability?_s_id=cve