Lucene search

[email protected]CVE-2024-30431

HistoryMar 29, 2024 - 6:15 p.m.

CVE-2024-30431

2024-03-2918:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-30431

improper neutralization of input

web page generation

hometory mang board

reflected xss

security vulnerability

nvd

mang board wp

version 1.8.0

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hometory Mang Board WP allows Reflected XSS.This issue affects Mang Board WP: from n/a through 1.8.0.

Affected configurations

Vulners

Node

hometorymang_board_wpRange≤1.8.0

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "mangboard",
    "product": "Mang Board WP",
    "vendor": "Hometory",
    "versions": [
      {
        "changes": [
          {
            "at": "1.8.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.8.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-8-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve