Lucene search

PatchstackCVE-2023-47245

HistoryNov 16, 2023 - 7:15 p.m.

CVE-2023-47245

2023-11-1619:15:08

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-47245

cross-site scripting

xss

vulnerability

nvd

anac xml viewer plugin

marco milesi

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

AI Score

4.9

Confidence

High

EPSS

Percentile

14.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Viewer plugin <= 1.7 versions.

Affected configurations

Nvd

Vulners

Node

marcomilesianac_xml_viewerRange≤1.7wordpress

VendorProductVersionCPE
marcomilesianac_xml_viewer*cpe:2.3:a:marcomilesi:anac_xml_viewer:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
marcomilesi	anac_xml_viewer	*	cpe:2.3:a:marcomilesi:anac_xml_viewer::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "anac-xml-viewer",
    "product": "ANAC XML Viewer",
    "vendor": "Marco Milesi",
    "versions": [
      {
        "changes": [
          {
            "at": "1.7.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/anac-xml-viewer/wordpress-anac-xml-viewer-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve