CVE-2024-25098

2024-02-2906:15:47

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-25098

cross-site scripting

security vulnerability

xss

pascal bajorat

pb oembed html5 audio

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS.This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6.

Affected configurations

Vulners

Node

pascal_bajoratpb_oembed_html5_audio_–_with_cache_supportRange≤2.6wordpress

VendorProductVersionCPE
pascal_bajoratpb_oembed_html5_audio_–_with_cache_support*cpe:2.3:a:pascal_bajorat:pb_oembed_html5_audio_–_with_cache_support:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
pascal_bajorat	pb_oembed_html5_audio_–_with_cache_support	*	cpe:2.3:a:pascal_bajorat:pb_oembed_html5_audio_–_with_cache_support::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "pb-oembed-html5-audio-with-cache-support",
    "product": "PB oEmbed HTML5 Audio – with Cache Support",
    "vendor": "Pascal Bajorat",
    "versions": [
      {
        "lessThanOrEqual": "2.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/pb-oembed-html5-audio-with-cache-support/wordpress-pb-oembed-html5-audio-plugin-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve