Lucene search
Ubuntu.comUB:CVE-2023-0644HistoryMay 15, 2023 - 12:00 a.m.
CVE-2023-0644
2023-05-1500:00:00
ubuntu.com
ubuntu.com
6
cve-2023-0644
push notifications
wordpress plugin
sanitisation
escaping
cross-site scripting
high privilege users
admin
windows-specific issue
unix
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
31.0%
The Push Notifications for WordPress by PushAssist WordPress plugin through
3.0.8 does not sanitise and escape various parameters before outputting
them back in pages, leading to Reflected Cross-Site Scripting which could
be used against high privilege users such as admin.
Notes
| Author | Note |
|---|---|
| mdeslaur | windows-specific issue |
Related
prion
prion
Cross site scripting
2023-05-15 13:15:00
cve
cve
CVE-2023-0644
2023-05-15 13:15:09
cvelist
cvelist
CVE-2023-0644 PushAssist <= 3.0.8 - Reflected Cross-Site Scripting
2023-05-15 12:15:40
debiancve
debiancve
CVE-2023-0644
1976-01-01 00:00:00
nvd
nvd
CVE-2023-0644
2023-05-15 13:15:09
wordfence
wordfence
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
31.0%
Related for UB:CVE-2023-0644