CVE-2023-28792

2023-04-0715:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-28792

unauthenticated

cross-site scripting

i thirteen web solution

continuous image carousel

lightbox plugin

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.6%

JSON

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.

Affected configurations

Nvd

Node

i13websolutioncontinuous_image_carosel_with_lightboxRange<1.0.16wordpress

VendorProductVersionCPE
i13websolutioncontinuous_image_carosel_with_lightbox*cpe:2.3:a:i13websolution:continuous_image_carosel_with_lightbox:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
i13websolution	continuous_image_carosel_with_lightbox	*	cpe:2.3:a:i13websolution:continuous_image_carosel_with_lightbox::::::wordpress::*

References

patchstack.com/database/vulnerability/continuous-image-carousel-with-lightbox/wordpress-continuous-image-carousel-with-lightbox-plugin-1-0-15-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve