CVE-2023-2579

Exploit

EPSS 1.12%
Veröffentlicht 17.07.2023 14:15:09
Zuletzt bearbeitet 21.11.2024 07:58:52
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

InventoryPress <= 1.7 - Author+ Stored XSS

InventoryPress <= 1.7 - Authenticated(Author+) Stored Cross-Site Scripting

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

Mögliche Gegenmaßnahme

InventoryPress: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Inventorypress Project ≫ Inventorypress SwPlatformwordpress Version <= 1.7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt InventoryPress

Version *-1.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.12%	0.62

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://github.com/daniloalbuqrque/poc-cve-xss-inventory-press-plugin

Third Party Advisory

Exploit

https://wpscan.com/vulnerability/3cfcb8cc-9c4f-409c-934f-9f3f043de6fe

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/83603d33-b616-4332-aa05-b8ac61424614

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2579

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2579

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2579

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-2579