CVE-2023-38000 — Cross-site Scripting in Team Gutenberg

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

CNA6.5

EPSS

0.3%

top 42.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Gutenberg Team Gutenberg Wordpress.org Wordpress +1 more

Timeline

PublishedOct 13

Description

Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶NVDwordpress/gutenberg16.8.0

▶Debianwordpress/wordpress< 6.1.6+dfsg1-0+deb12u1+2

▶NVDwordpress/wordpress5.9 — 5.9.7+4

▶CVEListV5wordpress.org/wordpress6.3 — 6.3.1+4

▶CVEListV5gutenberg_team/gutenbergn/a — 16.8.0

🔴Vulnerability Details

OSV

CVE-2023-38000: Auth↗2023-10-13

▶

GHSA

GHSA-ggq5-xv35-rxhf: Auth↗2023-10-13

▶

CVEList

Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block↗2023-10-13

▶

📋Vendor Advisories

Debian

CVE-2023-38000: wordpress - Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPres...↗2023

▶