Lucene search
PatchstackCVELIST:CVE-2024-23505HistoryJan 31, 2024 - 3:23 p.m.
CVE-2024-23505 WordPress PDF Viewer & 3D PDF Flipbook – DearPDF Plugin <= 2.0.38 is vulnerable to Cross Site Scripting (XSS)
2024-01-3115:23:42
CWE-79
Patchstack
www.cve.org
4
cve-2024-23505
wordpress
pdf viewer
cross site scripting
xss
dearhive
dearpdf
vulnerable
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
0
Percentile
14.0%
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DearHive PDF Viewer & 3D PDF Flipbook – DearPDF allows Stored XSS.This issue affects PDF Viewer & 3D PDF Flipbook – DearPDF: from n/a through 2.0.38.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "dearpdf-lite",
"product": "PDF Viewer & 3D PDF Flipbook – DearPDF",
"vendor": "DearHive",
"versions": [
{
"lessThanOrEqual": "2.0.38",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2024-23505
2024-01-31 16:15:47
nvd
nvd
CVE-2024-23505
2024-01-31 16:15:47
prion
prion
Cross site scripting
2024-01-31 16:15:00
wpvulndb
wpvulndb
wordfence
wordfence
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
0
Percentile
14.0%
Related for CVELIST:CVE-2024-23505