Lucene search

K
nvd[email protected]NVD:CVE-2023-27429
HistoryJun 21, 2023 - 2:15 p.m.

CVE-2023-27429

2023-06-2114:15:09
CWE-79
web.nvd.nist.gov
cve-2023-27429
authentication
stored cross-site scripting
automattic
jetpack crm
plugin
version 5.4.4

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

16.0%

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.

Affected configurations

NVD
Node
automatticjetpack_crmRange<5.5.0wordpress

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

16.0%

Related for NVD:CVE-2023-27429