CVE-2023-38474

2023-11-3013:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve

2023

38474

campaign monitor

wordpress

reflected xss

security vulnerability

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS.This issue affects Campaign Monitor for WordPress: from n/a through 2.8.12.

Affected configurations

Vulners

NVD

Node

campaign_monitorcampaign_monitor_for_wordpressRange≤2.8.12

CPENameOperatorVersion
campaignmonitor:campaign_monitorcampaignmonitor campaign monitorle2.8.12

CPE	Name	Operator	Version
campaignmonitor:campaign_monitor	campaignmonitor campaign monitor	le	2.8.12

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "forms-for-campaign-monitor",
    "product": "Campaign Monitor for WordPress",
    "vendor": "Campaign Monitor",
    "versions": [
      {
        "lessThanOrEqual": "2.8.12",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/forms-for-campaign-monitor/wordpress-campaign-monitor-for-wordpress-plugin-2-8-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve