PT-2023-18641 · Custom4Web · Custom4Web Affiliate Links Lite

Justiice

Publicado

2023-05-10

Atualizado

2023-05-16

CVE-2023-22696

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Custom4Web Affiliate Links Lite plugin versions <= 2.5

Description The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with contributor or higher permissions. This allows for malicious scripts to be stored on the site, potentially leading to unauthorized actions.

Recommendations For Custom4Web Affiliate Links Lite plugin versions <= 2.5, update to a version higher than 2.5 to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-22696

Produtos afetados

Custom4Web Affiliate Links Lite

PT-2023-18641 · Custom4Web · Custom4Web Affiliate Links Lite

CVE-2023-22696

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3