Cross-Site Scripting (XSS)

2023-11-0509:14:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

wordpress

dashboard

malicious code

vulnerability

exploit

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.4%

JSON

wordpress is vulnerable to Cross-Site Scripting (XSS). An authenticated attacker could exploit this vulnerability to inject malicious code into the WordPress dashboard, which could then be executed by other users of the WordPress website.

CPENameOperatorVersion
wordpress:sideq5.5.3+dfsg1-1
wordpress:sideq5.6.1+dfsg1-1
wordpress:sideq5.5.3+dfsg1-1
wordpress:sideq5.6.1+dfsg1-1
wordpress:bookwormeq5.8.1+dfsg1-1

Name	Operator	Version
wordpress:sid	eq	5.5.3+dfsg1-1
wordpress:sid	eq	5.6.1+dfsg1-1
wordpress:sid	eq	5.5.3+dfsg1-1
wordpress:sid	eq	5.6.1+dfsg1-1
wordpress:bookworm	eq	5.8.1+dfsg1-1

References

patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve

patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plugin-16-8-0-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/wordpress/wordpress-core-6-3-2-contributor-stored-xss-in-navigation-links-block-vulnerability?_s_id=cve

security-tracker.debian.org/tracker/CVE-2023-38000