Lucene search

PatchstackCVE-2024-44062

HistorySep 15, 2024 - 8:15 a.m.

CVE-2024-44062

2024-09-1508:15:12

CWE-79

Patchstack

web.nvd.nist.gov

vulnerability

xss

web page generation

custom field template

hiroaki miyashita

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

14.7%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.5.

Affected configurations

Nvd

Vulners

Node

wpgogocustom_field_templateRange<2.6.6wordpress

VendorProductVersionCPE
wpgogocustom_field_template*cpe:2.3:a:wpgogo:custom_field_template:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpgogo	custom_field_template	*	cpe:2.3:a:wpgogo:custom_field_template::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "custom-field-template",
    "product": "Custom Field Template",
    "vendor": "Hiroaki Miyashita",
    "versions": [
      {
        "lessThanOrEqual": "2.6.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/custom-field-template/wordpress-custom-field-template-plugin-2-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve