Lucene search

PatchstackCVE-2024-43213

HistoryAug 12, 2024 - 10:15 p.m.

CVE-2024-43213

2024-08-1222:15:10

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-43213

improper neutralization

input

web page generation

xss

cross-site scripting

multivendorx wc marketplace

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

9.5%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in MultiVendorX WC Marketplace allows Reflected XSS.This issue affects WC Marketplace: from n/a through 4.1.17.

Affected configurations

Vulners

Node

multivendorxwc_marketplaceRange≤4.1.17

VendorProductVersionCPE
multivendorxwc_marketplace*cpe:2.3:a:multivendorx:wc_marketplace:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
multivendorx	wc_marketplace	*	cpe:2.3:a:multivendorx:wc_marketplace::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "dc-woocommerce-multi-vendor",
    "product": "WC Marketplace",
    "vendor": "MultiVendorX",
    "versions": [
      {
        "lessThanOrEqual": "4.1.17",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/dc-woocommerce-multi-vendor/wordpress-multivendorx-marketplace-plugin-4-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve