Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49181", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-11-22T23:36:35.546Z", "datePublished": "2023-12-15T14:49:51.927Z", "dateUpdated": "2024-08-02T21:53:43.415Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-event-manager", "product": "WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce", "vendor": "WP Event Manager", "versions": [{"lessThanOrEqual": "3.1.40", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "emad (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.<p>This issue affects WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.This issue affects WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40.\n\n"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-12-15T14:49:51.927Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/wp-event-manager/wordpress-wp-event-manager-plugin-3-1-39-cross-site-scripting-xss-vulnerability-2?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress WP Event Manager Plugin <= 3.1.40 is vulnerable to Cross Site Scripting (XSS)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:53:43.415Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/wp-event-manager/wordpress-wp-event-manager-plugin-3-1-39-cross-site-scripting-xss-vulnerability-2?_s_id=cve"}]}]}} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat