5.4

CVE-2023-2579

Exploit

EPSS 14.86%
Veröffentlicht 17.07.2023 14:15:09
Zuletzt bearbeitet 21.11.2024 07:58:52
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

InventoryPress <= 1.7 - Authenticated(Author+) Stored Cross-Site Scripting

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

Mögliche Gegenmaßnahme

InventoryPress: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt InventoryPress

Version *-1.7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Inventorypress Project ≫ Inventorypress SwPlatformwordpress Version <= 1.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.86%	0.943

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://github.com/daniloalbuqrque/poc-cve-xss-inventory-press-plugin

Third Party Advisory

Exploit

https://wpscan.com/vulnerability/3cfcb8cc-9c4f-409c-934f-9f3f043de6fe

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/83603d33-b616-4332-aa05-b8ac61424614

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2579

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2579

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2579

EUVD