5.4
CVE-2023-40068
- EPSS 1.48%
- Veröffentlicht 21.08.2023 09:15:10
- Zuletzt bearbeitet 21.11.2024 08:18:38
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginAdvanced Custom Fields 6.1 - 6.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.
Mögliche Gegenmaßnahme
Advanced Custom Fields (ACF®): Update to version 6.1.8, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advancedcustomfields ≫ Advanced Custom Fields SwEdition- SwPlatformwordpress Version >= 6.1.0 <= 6.1.7
Advancedcustomfields ≫ Advanced Custom Fields SwEditionpro SwPlatformwordpress Version >= 6.1.0 <= 6.1.7
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Advanced Custom Fields (ACF®)
Version
6.1-6.1.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.48% | 0.705 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://wordpress.org/plugins/advanced-custom-fields/
https://www.advancedcustomfields.com/
https://jvn.jp/en/jp/JVN98946408/
https://www.advancedcustomfields.com/blog/acf-6-1-8/
https://www.wordfence.com/threat-intel/vulnerabilities/id/f412bdb0-953d-4375-85c2-b87f3aa77d60