Lucene search

[email protected]CVE-2024-35757

HistoryJun 21, 2024 - 1:15 p.m.

CVE-2024-35757

2024-06-2113:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-35757

web page generation

xss

cross-site scripting

vulnerability

stored xss

easy age verify

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

14.2%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in 5 Star Plugins Easy Age Verify allows Stored XSS.This issue affects Easy Age Verify: from n/a through 1.8.2.

Affected configurations

Vulners

NVD

Node

5_star_pluginseasy_age_verifyRange≤1.8.2

CPENameOperatorVersion
5starplugins:easy_age_verify5starplugins easy age verifylt1.8.3

CPE	Name	Operator	Version
5starplugins:easy_age_verify	5starplugins easy age verify	lt	1.8.3

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "easy-age-verify",
    "product": "Easy Age Verify",
    "vendor": "5 Star Plugins",
    "versions": [
      {
        "changes": [
          {
            "at": "1.8.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.8.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/easy-age-verify/wordpress-easy-age-verify-plugin-1-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve