NVD:CVE-2023-0421
History: May 08, 2023 - 2:15 p.m.

CVE-2023-0421

2023-05-08 14:15:11
web.nvd.nist.gov
cloud manager
wordpress
unauthenticated
xss
exploit

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 47.2%

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query parameter ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged-in admin into triggering an XSS payload by clicking a link.

Affected configurations

Source: NVD

Node: cloud_manager_project, cloud_manager, Range 1.0, wordpress

Vendor: cloud_manager_project
Product: cloud_manager
Version: *
CPE: cpe:2.3:a:cloud_manager_project:cloud_manager:*:*:*:*:*:wordpress:*:*
