Lucene search
PatchstackCVE-2024-31387HistoryApr 11, 2024 - 1:15 p.m.
CVE-2024-31387
2024-04-1113:15:53
CWE-79
Patchstack
web.nvd.nist.gov
23
cve-2024-31387
improper neutralization of input
web page generation
cross-site scripting
stored xss
popup likebox team
vulnerability
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
AI Score
6.6
Confidence
High
EPSS
0
Percentile
9.0%
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through 3.7.2.
Affected configurations
Node
popup_likebox_teampopup_like_boxRange≤3.7.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| popup_likebox_team | popup_like_box | * | cpe:2.3:a:popup_likebox_team:popup_like_box:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ays-facebook-popup-likebox",
"product": "Popup Like box",
"vendor": "Popup LikeBox Team",
"versions": [
{
"changes": [
{
"at": "3.7.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.7.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
wpvulndb
wpvulndb
nvd
nvd
CVE-2024-31387
2024-04-11 13:15:53
cvelist
cvelist
wordfence
wordfence
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
AI Score
6.6
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2024-31387