Lucene search

PatchstackCVE-2024-31926

HistoryApr 11, 2024 - 1:15 p.m.

CVE-2024-31926

2024-04-1113:15:53

CWE-79

Patchstack

web.nvd.nist.gov

input neutralization

cross-site scripting

stored xss

advanced cron manager

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

AI Score

6.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BracketSpace Advanced Cron Manager – debug & control allows Stored XSS.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.2.

Affected configurations

Vulners

Node

bracketspaceadvanced_cron_managerRange≤2.5.2wordpress

VendorProductVersionCPE
bracketspaceadvanced_cron_manager*cpe:2.3:a:bracketspace:advanced_cron_manager:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
bracketspace	advanced_cron_manager	*	cpe:2.3:a:bracketspace:advanced_cron_manager::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "advanced-cron-manager",
    "product": "Advanced Cron Manager – debug & control",
    "vendor": "BracketSpace",
    "versions": [
      {
        "changes": [
          {
            "at": "2.5.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.5.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/advanced-cron-manager/wordpress-advanced-cron-manager-debug-control-plugin-2-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve