Lucene search

K
cvePatchstackCVE-2024-51627
HistoryNov 09, 2024 - 2:15 p.m.

CVE-2024-51627

2024-11-0914:15:16
CWE-79
Patchstack
web.nvd.nist.gov
21
cve-2024-51627
stored cross site scripting
xss
kaedinger audio comparison lite
web page generation
vulnerability
wordpress
stored xss

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS

0

Percentile

10.0%

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kaedinger Audio Comparison Lite audio-comparison-lite allows Stored XSS.This issue affects Audio Comparison Lite: from n/a through 3.4.

Affected configurations

Vulners
Node
kaedingeraudio_comparison_liteRange3.4wordpress
VendorProductVersionCPE
kaedingeraudio_comparison_lite*cpe:2.3:a:kaedinger:audio_comparison_lite:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "audio-comparison-lite",
    "product": "Audio Comparison Lite",
    "vendor": "Kaedinger",
    "versions": [
      {
        "changes": [
          {
            "at": "3.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS

0

Percentile

10.0%