PT-2023-18641 · Custom4Web · Custom4Web Affiliate Links Lite

Justiice

Published

2023-05-10

Updated

2023-05-16

CVE-2023-22696

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Custom4Web Affiliate Links Lite plugin versions <= 2.5

Description The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with contributor or higher permissions. This allows for malicious scripts to be stored on the site, potentially leading to unauthorized actions.

Recommendations For Custom4Web Affiliate Links Lite plugin versions <= 2.5, update to a version higher than 2.5 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-22696

Affected Products

Custom4Web Affiliate Links Lite

PT-2023-18641 · Custom4Web · Custom4Web Affiliate Links Lite

CVE-2023-22696

Weakness Enumeration

Related Identifiers

Affected Products

References · 3