CVE-2023-23995

2023-04-2520:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-23995

xss vulnerability

tinymce custom styles

security

nvd

cve

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.7%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions.

Affected configurations

Vulners

NVD

Node

tim_reeves_\&_david_stöckltinymce_custom_stylesRange≤1.1.2

CPENameOperatorVersion
tinymce_custom_styles_project:tinymce_custom_stylestinymce custom styles project tinymce custom styleslt1.1.3

CPE	Name	Operator	Version
tinymce_custom_styles_project:tinymce_custom_styles	tinymce custom styles project tinymce custom styles	lt	1.1.3

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "tinymce-custom-styles",
    "product": "TinyMCE Custom Styles",
    "vendor": "Tim Reeves & David Stöckl",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/tinymce-custom-styles/wordpress-tinymce-custom-styles-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve