Lucene search

[email protected]CVE-2024-29793

HistoryMar 27, 2024 - 1:15 p.m.

CVE-2024-29793

2024-03-2713:15:50

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-29793

cross-site scripting

mailmunch mailchimp forms

vulnerability

nvd.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

9.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2.

Affected configurations

Vulners

Node

mailmunchmailchimp_formsRange≤3.2.2

VendorProductVersionCPE
mailmunchmailchimp_forms*cpe:2.3:a:mailmunch:mailchimp_forms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mailmunch	mailchimp_forms	*	cpe:2.3:a:mailmunch:mailchimp_forms::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "mailchimp-forms-by-mailmunch",
    "product": "MailChimp Forms by MailMunch",
    "vendor": "MailMunch",
    "versions": [
      {
        "changes": [
          {
            "at": "3.2.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.2.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/mailchimp-forms-by-mailmunch/wordpress-mailchimp-forms-by-mailmunch-plugin-3-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve