Lucene search

PatchstackCVE-2023-23808

HistoryMay 03, 2023 - 3:15 p.m.

CVE-2023-23808

2023-05-0315:15:11

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-23808

auth

stored xss

cross-site scripting

nvd

sergey panasenko sponsors carousel plugin

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

17.5%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02 versions.

Affected configurations

Nvd

Vulners

Node

sponsors_carousel_projectsponsors_carouselRange≤4.02wordpress

VendorProductVersionCPE
sponsors_carousel_projectsponsors_carousel*cpe:2.3:a:sponsors_carousel_project:sponsors_carousel:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
sponsors_carousel_project	sponsors_carousel	*	cpe:2.3:a:sponsors_carousel_project:sponsors_carousel::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "sponsors-carousel",
    "product": "Sponsors Carousel",
    "vendor": "Sergey Panasenko",
    "versions": [
      {
        "lessThanOrEqual": "4.02",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/sponsors-carousel/wordpress-sponsors-carousel-plugin-4-02-cross-site-scripting-xss-vulnerability?_s_id=cve