Lucene search

K
cvelistPatchstackCVELIST:CVE-2024-1437
HistoryFeb 29, 2024 - 5:12 a.m.

CVE-2024-1437 WordPress Adsmonetizer Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

2024-02-2905:12:21
CWE-79
Patchstack
www.cve.org
cve-2024-1437
cross site scripting
web page generation
reflected xss
josé fernandez adsmonetizer

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.0%

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in José Fernandez Adsmonetizer allows Reflected XSS.This issue affects Adsmonetizer: from n/a through 3.1.2.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "adsensei-b30",
    "product": "Adsmonetizer",
    "vendor": "José Fernandez",
    "versions": [
      {
        "changes": [
          {
            "at": "3.1.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-1437