CVE-2023-39921 - OpenCVE

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through 4.6.19.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Amitzy	Molongui

Configuration 1 [-]

cpe:2.3:a:amitzy:molongui:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-author-box-for-authors-co-authors-multiple-authors-and-guest-authors-molongui-plugin-4-6-19-cross-site-scripting-xss-vulnerability?_s_id=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-11-30T15:47:35.524Z

Updated: 2023-11-30T15:47:35.524Z

Reserved: 2023-08-07T12:46:53.219Z

Link: CVE-2023-39921

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-30T16:15:09.463

Modified: 2023-12-06T00:40:06.827

Link: CVE-2023-39921

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-39921", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-08-07T12:46:53.219Z", "datePublished": "2023-11-30T15:47:35.524Z", "dateUpdated": "2023-11-30T15:47:35.524Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "molongui-authorship", "product": "Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui", "vendor": "Molongui", "versions": [{"changes": [{"at": "4.6.20", "status": "unaffected"}], "lessThanOrEqual": "4.6.19", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abdullah Mudzakir (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui allows Stored XSS.<p>This issue affects Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui: from n/a through 4.6.19.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui: from n/a through 4.6.19.\n\n"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-11-30T15:47:35.524Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-author-box-for-authors-co-authors-multiple-authors-and-guest-authors-molongui-plugin-4-6-19-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.6.20 or a higher version."}], "value": "Update to\u00a04.6.20 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amitzy:molongui:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "785B1705-9892-483D-BA4E-2DBEF0151642", "versionEndIncluding": "4.6.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui: from n/a through 4.6.19.\n\n"}, {"lang": "es", "value": "Neutralizaci\u00f3n inadecuada de la entrada durante Vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Scripting entre sitios') en Molongui Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui permite XSS almacenado. Este problema afecta a Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui: desde n/a hasta el 4.6.19."}], "id": "CVE-2023-39921", "lastModified": "2023-12-06T00:40:06.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2023-11-30T16:15:09.463", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/molongui-authorship/wordpress-author-box-for-authors-co-authors-multiple-authors-and-guest-authors-molongui-plugin-4-6-19-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Primary"}]}