Lucene search

PatchstackCVE-2023-33322

HistoryMar 26, 2024 - 9:15 a.m.

CVE-2023-33322

2024-03-2609:15:09

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-33322

cross-site scripting

etoile web design

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25.

Affected configurations

Vulners

Node

etoile_web_designfront_end_usersRange<3.2.25wordpress

VendorProductVersionCPE
etoile_web_designfront_end_users*cpe:2.3:a:etoile_web_design:front_end_users:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
etoile_web_design	front_end_users	*	cpe:2.3:a:etoile_web_design:front_end_users::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "front-end-only-users",
    "product": "Front End Users",
    "vendor": "Etoile Web Design",
    "versions": [
      {
        "changes": [
          {
            "at": "3.2.25",
            "status": "unaffected"
          }
        ],
        "lessThan": "3.2.25",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/front-end-only-users/wordpress-front-end-users-plugin-3-2-25-cross-site-scripting-xss-vulnerability?_s_id=cve