Lucene search

[email protected]NVD:CVE-2023-34006

HistoryJun 22, 2023 - 1:15 p.m.

CVE-2023-34006

2023-06-2213:15:10

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

stored

cross-site scripting

marco milesi

telegram bot

channel plugin

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

18.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions.

Affected configurations

Nvd

Node

telegram_bot_\&_channel_projecttelegram_bot_\&_channelRange≤3.6.2wordpress

VendorProductVersionCPE
telegram_bot_\&_channel_projecttelegram_bot_\&_channel*cpe:2.3:a:telegram_bot_\&_channel_project:telegram_bot_\&_channel:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
telegram_bot_\&_channel_project	telegram_bot_\&_channel	*	cpe:2.3:a:telegram_bot_\&_channel_project:telegram_bot_\&_channel::::::wordpress::*

References

patchstack.com/database/vulnerability/telegram-bot/wordpress-telegram-bot-channel-plugin-3-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve