Lucene search

PatchstackCVE-2024-30555

HistoryMar 31, 2024 - 8:15 p.m.

CVE-2024-30555

2024-03-3120:15:10

CWE-79

Patchstack

web.nvd.nist.gov

cross-site scripting

ultimate social comments

stored xss

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

9.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sayan Datta Ultimate Social Comments – Email Notification & Lazy Load allows Stored XSS.This issue affects Ultimate Social Comments – Email Notification & Lazy Load: from n/a through 1.4.8.

Affected configurations

Vulners

Node

sayan_dattaultimate_social_comments_–_email_notification_\&_lazy_loadRange≤1.4.8wordpress

VendorProductVersionCPE
sayan_dattaultimate_social_comments_–_email_notification_\&_lazy_load*cpe:2.3:a:sayan_datta:ultimate_social_comments_–_email_notification_\&_lazy_load:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
sayan_datta	ultimate_social_comments_–_email_notification_\&_lazy_load	*	cpe:2.3:a:sayan_datta:ultimate_social_comments_–_email_notification_\&_lazy_load::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "ultimate-facebook-comments",
    "product": "Ultimate Social Comments – Email Notification & Lazy Load",
    "vendor": "Sayan Datta",
    "versions": [
      {
        "lessThanOrEqual": "1.4.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/ultimate-facebook-comments/wordpress-ultimate-social-comments-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve