Lucene search

K
cvePatchstackCVE-2024-30197
HistoryMar 27, 2024 - 7:15 a.m.

CVE-2024-30197

2024-03-2707:15:57
CWE-79
Patchstack
web.nvd.nist.gov
29
cve-2024-30197
improper neutralization of input
web page generation
cross-site scripting
andy moyle church admin
stored xss
nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

9.1

Confidence

High

EPSS

0

Percentile

9.0%

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26.

Affected configurations

Vulners
Node
andy_moylechurch_adminRange4.0.26wordpress
VendorProductVersionCPE
andy_moylechurch_admin*cpe:2.3:a:andy_moyle:church_admin:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "church-admin",
    "product": "Church Admin",
    "vendor": "Andy Moyle",
    "versions": [
      {
        "changes": [
          {
            "at": "4.0.27",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.0.26",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

9.1

Confidence

High

EPSS

0

Percentile

9.0%