PT-2023-22976 · Unknown · Andy Moyle Church Admin

Le Ngoc Anh

Published

2023-08-16

Updated

2023-08-22

CVE-2023-30782

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Andy Moyle Church Admin plugin versions <= 3.7.5

Description The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session.

Recommendations For versions <= 3.7.5, update to a version greater than 3.7.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the website to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-30782

Affected Products

Andy Moyle Church Admin

PT-2023-22976 · Unknown · Andy Moyle Church Admin

CVE-2023-30782

Weakness Enumeration

Related Identifiers

Affected Products

References · 6