Lucene search
WPScanCVE-2023-5211HistoryOct 31, 2023 - 2:15 p.m.
CVE-2023-5211
2023-10-3114:15:12
CWE-79
WPScan
web.nvd.nist.gov
16
cve-2023-5211
fattura24
wordpress plugin
reflected xss
vulnerability
nvd
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the ‘id’ parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability.
Affected configurations
Node
fattura24fattura24Range<6.2.8wordpress
CNA Affected
[
{
"vendor": "Unknown",
"product": "Fattura24",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "6.2.8"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
cvelist
cvelist
CVE-2023-5211 Fattura24 < 6.2.8 - Reflected Cross-Site Scripting
2023-10-31 13:54:45
wpexploit
wpexploit
Fattura24 < 6.2.8 - Reflected Cross-Site Scripting
2023-10-09 00:00:00
prion
prion
Cross site scripting
2023-10-31 14:15:00
wpvulndb
wpvulndb
Fattura24 < 6.2.8 - Reflected Cross-Site Scripting
2023-10-09 00:00:00
nvd
nvd
CVE-2023-5211
2023-10-31 14:15:12
wordfence
wordfence
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
Related for CVE-2023-5211