Lucene search

[email protected]NVD:CVE-2023-41235

HistorySep 27, 2023 - 3:19 p.m.

CVE-2023-41235

2023-09-2715:19:27

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

reflected

everest news pro

unauth

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.2%

JSON

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Everest News Pro theme <= 1.1.7 versions.

Affected configurations

Nvd

Node

everestthemeseverest_newsRange≤1.1.7wordpress

VendorProductVersionCPE
everestthemeseverest_news*cpe:2.3:a:everestthemes:everest_news:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
everestthemes	everest_news	*	cpe:2.3:a:everestthemes:everest_news::::::wordpress::*

References

patchstack.com/database/vulnerability/everest-news-pro/wordpress-everest-news-pro-theme-1-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.2%

JSON

Related for NVD:CVE-2023-41235

wpvulndb1 prion1 cvelist1 vulnrichment1 cve1 wordfence1