CVE-2023-49189 - OpenCVE

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Getsocial	Social Share Buttons \& Analytics

Configuration 1 [-]

cpe:2.3:a:getsocial:social_share_buttons_\&_analytics:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/wp-share-buttons-analytics-by-getsocial/wordpress-social-share-buttons-analytics-plugin-getsocial-io-plugin-4-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-12-15T15:08:01.376Z

Updated: 2023-12-15T15:08:01.376Z

Reserved: 2023-11-22T23:36:56.848Z

Link: CVE-2023-49189

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-15T16:15:43.913

Modified: 2023-12-21T16:48:17.663

Link: CVE-2023-49189

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-49189", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-11-22T23:36:56.848Z", "datePublished": "2023-12-15T15:08:01.376Z", "dateUpdated": "2023-12-15T15:08:01.376Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-share-buttons-analytics-by-getsocial", "product": "Social Share Buttons & Analytics Plugin \u2013 GetSocial.io", "vendor": "Getsocial, S.A.", "versions": [{"lessThanOrEqual": "4.3.12", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "DoYeon Park / p6rkdoye0n (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io allows Stored XSS.<p>This issue affects Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io: from n/a through 4.3.12.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io: from n/a through 4.3.12.\n\n"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-12-15T15:08:01.376Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/wp-share-buttons-analytics-by-getsocial/wordpress-social-share-buttons-analytics-plugin-getsocial-io-plugin-4-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Social Share Buttons & Analytics Plugin \u2013 GetSocial.io Plugin <= 4.3.12 is vulnerable to Cross Site Scripting (XSS)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getsocial:social_share_buttons_\\&_analytics:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BFA63335-888A-42EB-9FC0-1F5E26B084D6", "versionEndIncluding": "4.3.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io: from n/a through 4.3.12.\n\n"}, {"lang": "es", "value": "Neutralizaci\u00f3n inadecuada de la entrada durante la vulnerabilidad de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Getsocial, S.A. Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io permite XSS almacenado. Este problema afecta a Social Share Buttons & Analytics Plugin \u2013 GetSocial.Io: de n/a hasta el 4.3.12."}], "id": "CVE-2023-49189", "lastModified": "2023-12-21T16:48:17.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2023-12-15T16:15:43.913", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/wp-share-buttons-analytics-by-getsocial/wordpress-social-share-buttons-analytics-plugin-getsocial-io-plugin-4-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Primary"}]}