CVE-2023-6278

2024-01-2915:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-6278

biteship

plugin

ongkos kirim

kurir instant

reguler

kargo

wordpress

xss

cross-site scripting

security vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affected configurations

Vulners

NVD

Node

arubanetworksinstantRange<2.2.25

VendorProductVersionCPE
arubanetworksinstant*cpe:2.3:a:arubanetworks:instant:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arubanetworks	instant	*	cpe:2.3:a:arubanetworks:instant::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.2.25"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]