Lucene search

PatchstackCVE-2024-37936

HistoryJul 20, 2024 - 9:15 a.m.

CVE-2024-37936

2024-07-2009:15:05

CWE-79

Patchstack

web.nvd.nist.gov

input handling

xss vulnerability

wpbakery page builder

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

9.3%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in labibahmed Tabs For WPBakery Page Builder allows Stored XSS.This issue affects Tabs For WPBakery Page Builder: from n/a through 1.2.

Affected configurations

Vulners

Node

labibahmedtabs_for_wpbakery_page_builderRange≤1.2

VendorProductVersionCPE
labibahmedtabs_for_wpbakery_page_builder*cpe:2.3:a:labibahmed:tabs_for_wpbakery_page_builder:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
labibahmed	tabs_for_wpbakery_page_builder	*	cpe:2.3:a:labibahmed:tabs_for_wpbakery_page_builder::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "tabs-for-visual-composer",
    "product": "Tabs For WPBakery Page Builder",
    "vendor": "labibahmed",
    "versions": [
      {
        "lessThanOrEqual": "1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/tabs-for-visual-composer/wordpress-tabs-for-wpbakery-page-builder-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve