Lucene search

PatchstackCVE-2023-47811

HistoryNov 22, 2023 - 11:15 p.m.

CVE-2023-47811

2023-11-2223:15:08

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-47811

web page generation

cross-site scripting

suresh kumar mukhiya

anywhere flash embed plugin

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

5.9

Confidence

High

EPSS

Percentile

14.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <= 1.0.5 versions.

Affected configurations

Nvd

Vulners

Node

sureshkumarmukhiyaanywhere_flash_embedRange≤1.0.5wordpress

VendorProductVersionCPE
sureshkumarmukhiyaanywhere_flash_embed*cpe:2.3:a:sureshkumarmukhiya:anywhere_flash_embed:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
sureshkumarmukhiya	anywhere_flash_embed	*	cpe:2.3:a:sureshkumarmukhiya:anywhere_flash_embed::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "anywhere-flash-embed",
    "product": "Anywhere Flash Embed",
    "vendor": "Suresh KUMAR Mukhiya",
    "versions": [
      {
        "lessThanOrEqual": "1.0.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/anywhere-flash-embed/wordpress-anywhere-flash-embed-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve