CVE-2023-51488

2024-02-1009:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-51488

cross-site scripting

xss

automattic

crowdsignal dashboard

polls

surveys

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11.

Affected configurations

Vulners

NVD

Node

automattic\,_inc.crowdsignal_dashboard_–_polls\,_surveys_\&_moreRange≤3.0.11

CPENameOperatorVersion
automattic:crowdsignal_dashboardautomattic crowdsignal dashboardle3.0.11

CPE	Name	Operator	Version
automattic:crowdsignal_dashboard	automattic crowdsignal dashboard	le	3.0.11

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "polldaddy",
    "product": "Crowdsignal Dashboard – Polls, Surveys & more",
    "vendor": "Automattic, Inc.",
    "versions": [
      {
        "changes": [
          {
            "at": "3.1.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.0.11",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-polls-ratings-plugin-3-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve