Lucene search

PatchstackCVE-2024-34797

HistoryJun 03, 2024 - 11:15 a.m.

CVE-2024-34797

2024-06-0311:15:10

CWE-79

Patchstack

web.nvd.nist.gov

nvd

vulnerability

information security

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS.This issue affects Simple Popup Manager: from n/a through 1.3.5.

Affected configurations

Vulners

Node

benoit_mercusotsimple_popup_managerRange≤1.3.5wordpress

VendorProductVersionCPE
benoit_mercusotsimple_popup_manager*cpe:2.3:a:benoit_mercusot:simple_popup_manager:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
benoit_mercusot	simple_popup_manager	*	cpe:2.3:a:benoit_mercusot:simple_popup_manager::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "simple-popup-manager",
    "product": "Simple Popup Manager",
    "vendor": "Benoit Mercusot",
    "versions": [
      {
        "lessThanOrEqual": "1.3.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/simple-popup-manager/wordpress-simple-popup-manager-plugin-1-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve