Lucene search

K
nvd[email protected]NVD:CVE-2023-27426
HistoryAug 30, 2023 - 1:15 p.m.

CVE-2023-27426

2023-08-3013:15:11
CWE-79
web.nvd.nist.gov
3
cve-2023-27426
stored cross-site scripting
notifyvisitors
notifyvisitors plugin
security vulnerability

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.7%

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions.

Affected configurations

Nvd
Node
notifyvisitorsnotifyvisitorsRange1.0
VendorProductVersionCPE
notifyvisitorsnotifyvisitors*cpe:2.3:a:notifyvisitors:notifyvisitors:*:*:*:*:*:*:*:*

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.7%