Lucene search

PatchstackCVE-2024-43975

HistorySep 18, 2024 - 12:15 a.m.

CVE-2024-43975

2024-09-1800:15:07

CWE-79

Patchstack

web.nvd.nist.gov

cross-site scripting

vulnerability

super store finder

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

17.7%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS).This issue affects Super Store Finder: from n/a through 6.9.7.

Affected configurations

Nvd

Vulners

Node

superstorefindersuper_store_finderRange≤6.9.7wordpress

VendorProductVersionCPE
superstorefindersuper_store_finder*cpe:2.3:a:superstorefinder:super_store_finder:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
superstorefinder	super_store_finder	*	cpe:2.3:a:superstorefinder:super_store_finder::::::wordpress::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Super Store Finder",
    "vendor": "highwarden",
    "versions": [
      {
        "changes": [
          {
            "at": "6.9.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.9.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/superstorefinder-wp/wordpress-super-store-finder-plugin-6-9-7-cross-site-scripting-xss-vulnerability?_s_id=cve