Lucene search

PatchstackCVE-2024-31103

HistoryMar 31, 2024 - 8:15 p.m.

CVE-2024-31103

2024-03-3120:15:14

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-31103

cross-site scripting

kanban boards for wordpress

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

9.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Reflected XSS.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.

Affected configurations

Vulners

Node

kanban_for_wordpresskanban_boards_for_wordpressRange≤2.5.21wordpress

VendorProductVersionCPE
kanban_for_wordpresskanban_boards_for_wordpress*cpe:2.3:a:kanban_for_wordpress:kanban_boards_for_wordpress:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
kanban_for_wordpress	kanban_boards_for_wordpress	*	cpe:2.3:a:kanban_for_wordpress:kanban_boards_for_wordpress::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "kanban",
    "product": "Kanban Boards for WordPress",
    "vendor": "Kanban for WordPress",
    "versions": [
      {
        "lessThanOrEqual": "2.5.21",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/kanban/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve