nvd-json-data-feeds/CVE-2023/CVE-2023-03xx/CVE-2023-0333.json

{
  "id": "CVE-2023-0333",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2023-02-13T15:15:21.863",
  "lastModified": "2023-11-07T04:00:12.817",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
    },
    {
      "lang": "es",
      "value": "El complemento TemplatesNext ToolKit de WordPress anterior a 3.2.9 no valida algunos de sus atributos de c\u00f3digo corto antes de usarlos para generar una etiqueta HTML, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de cross-site scripting almacenado."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:templatesnext:templatesnext_toolkit:*:*:*:*:*:wordpress:*:*",
              "versionEndExcluding": "3.2.9",
              "matchCriteriaId": "3C167DE3-4E20-48F9-B0AF-E280F07DE2D0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/e86ff4d5-d549-4c71-b80e-6a9b3bfddbfc",
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2023-0333",`
			`"sourceIdentifier": "contact@wpscan.com",`
			`"published": "2023-02-13T15:15:21.863",`
Auto-Update: 2023-11-07T21:02:52.274489+00:00 2023-11-07 21:03:21 +00:00			`"lastModified": "2023-11-07T04:00:12.817",`
			`"vulnStatus": "Modified",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
bootstrap 2023-04-24 12:24:31 +02:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"`
Auto-Update: 2024-09-15T02:00:16.873576+00:00 2024-09-15 02:03:16 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "El complemento TemplatesNext ToolKit de WordPress anterior a 3.2.9 no valida algunos de sus atributos de c\u00f3digo corto antes de usarlos para generar una etiqueta HTML, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de cross-site scripting almacenado."`
bootstrap 2023-04-24 12:24:31 +02:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "REQUIRED",`
			`"scope": "CHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.4,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.3,`
			`"impactScore": 2.7`
			`}`
			`]`
			`},`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:templatesnext:templatesnext_toolkit::::::wordpress::*",`
			`"versionEndExcluding": "3.2.9",`
			`"matchCriteriaId": "3C167DE3-4E20-48F9-B0AF-E280F07DE2D0"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://wpscan.com/vulnerability/e86ff4d5-d549-4c71-b80e-6a9b3bfddbfc",`
			`"source": "contact@wpscan.com",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory"`
			`]`
			`}`
			`]`
			`}`