Lucene search

[email protected]NVD:CVE-2023-24408

HistoryMay 08, 2023 - 3:15 p.m.

CVE-2023-24408

2023-05-0815:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-24408

authenticated

stored cross-site scripting

ecwid ecommerce

shopping cart plugin

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.5%

JSON

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.

Affected configurations

Nvd

Node

lightspeedhqecwid_ecommerce_shopping_cartRange<6.11.5wordpress

VendorProductVersionCPE
lightspeedhqecwid_ecommerce_shopping_cart*cpe:2.3:a:lightspeedhq:ecwid_ecommerce_shopping_cart:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
lightspeedhq	ecwid_ecommerce_shopping_cart	*	cpe:2.3:a:lightspeedhq:ecwid_ecommerce_shopping_cart::::::wordpress::*

References

patchstack.com/database/vulnerability/ecwid-shopping-cart/wordpress-ecwid-ecommerce-shopping-cart-plugin-6-11-5-cross-site-scripting-xss-vulnerability?_s_id=cve