Lucene search

PatchstackCVE-2024-27192

HistoryMar 15, 2024 - 1:15 p.m.

CVE-2024-27192

2024-03-1513:15:08

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-27192

cross-site scripting

scott reilly

configure smtp

vulnerability

xss

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

9.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Scott Reilly Configure SMTP allows Reflected XSS.This issue affects Configure SMTP: from n/a through 3.1.

Affected configurations

Vulners

Node

scott_reillyconfigure_smtpRange≤3.1wordpress

VendorProductVersionCPE
scott_reillyconfigure_smtp*cpe:2.3:a:scott_reilly:configure_smtp:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
scott_reilly	configure_smtp	*	cpe:2.3:a:scott_reilly:configure_smtp::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "configure-smtp",
    "product": "Configure SMTP",
    "vendor": "Scott Reilly",
    "versions": [
      {
        "lessThanOrEqual": "3.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/configure-smtp/wordpress-configure-smtp-plugin-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve