Lucene search

PatchstackCVE-2024-39661

HistoryAug 01, 2024 - 10:15 p.m.

CVE-2024-39661

2024-08-0122:15:27

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-39661

xss

extendthemes

kubio ai page builder

web page generation

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

9.4%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ExtendThemes Kubio AI Page Builder.This issue affects Kubio AI Page Builder: from n/a through 2.2.4.

Affected configurations

Vulners

Node

extendthemescolibri_page_builderRange≤2.2.4

VendorProductVersionCPE
extendthemescolibri_page_builder*cpe:2.3:a:extendthemes:colibri_page_builder:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
extendthemes	colibri_page_builder	*	cpe:2.3:a:extendthemes:colibri_page_builder::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "kubio",
    "product": "Kubio AI Page Builder",
    "vendor": "ExtendThemes",
    "versions": [
      {
        "changes": [
          {
            "at": "2.2.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.2.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/kubio/wordpress-kubio-ai-page-builder-plugin-2-2-4-authenticated-cross-site-scripting-xss-vulnerability?_s_id=cve