cvelist/2023/49xxx/CVE-2023-49860.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-49860",
        "ASSIGNER": "audit@patchstack.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.\n\n"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        "cweId": "CWE-79"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "weDevs",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "n/a",
                                            "version_value": "2.6.7"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
                "refsource": "MISC",
                "name": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "EXTERNAL"
    },
    "credits": [
        {
            "lang": "en",
            "value": "lttn (Patchstack Alliance)"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2023-11-30 18:00:31 +00:00			`{`
"-Synchronized-Data." 2023-12-14 17:00:34 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2023-11-30 18:00:31 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2023-49860",`
"-Synchronized-Data." 2023-12-14 17:00:34 +00:00			`"ASSIGNER": "audit@patchstack.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2023-11-30 18:00:31 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2023-12-14 17:00:34 +00:00			`"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts: from n/a through 2.6.7.\n\n"`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",`
			`"cweId": "CWE-79"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "weDevs",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "n/a",`
			`"version_value": "2.6.7"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve",`
			`"refsource": "MISC",`
			`"name": "https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"discovery": "EXTERNAL"`
			`},`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "lttn (Patchstack Alliance)"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "LOW",`
			`"privilegesRequired": "LOW",`
			`"scope": "CHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",`
			`"version": "3.1"`
"-Synchronized-Data." 2023-11-30 18:00:31 +00:00			`}`
			`]`
			`}`
			`}`