Lucene search
PatchstackCVELIST:CVE-2023-49178HistoryDec 15, 2023 - 2:40 p.m.
CVE-2023-49178 WordPress HDW Player Plugin (Video Player & Video Gallery) Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)
2023-12-1514:40:46
CWE-79
Patchstack
www.cve.org
6
cve-2023-49178
wordpress
hdw player plugin
xss
cross site scripting
web page generation
reflected xss
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
17.0%
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mr. Hdwplayer HDW Player Plugin (Video Player & Video Gallery) allows Reflected XSS.This issue affects HDW Player Plugin (Video Player & Video Gallery): from n/a through 5.0.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "hdw-player-video-player-video-gallery",
"product": "HDW Player Plugin (Video Player & Video Gallery)",
"vendor": "Mr. Hdwplayer",
"versions": [
{
"lessThanOrEqual": "5.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
nvd
nvd
CVE-2023-49178
2023-12-15 15:15:08
cve
cve
CVE-2023-49178
2023-12-15 15:15:08
prion
prion
Cross site scripting
2023-12-15 15:15:00
wordfence
wordfence
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
17.0%
Related for CVELIST:CVE-2023-49178