CVE-2023-45050

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 49.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Automattic Jetpack
Timeline
PublishedNov 30

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:LExploitability: 2.3 | Impact: 3.7

Affected Packages1 packages

NVDautomattic/jetpack12.8-a.1

Patches

Patch: patchstack.comPatch: patchstack.com

🔴Vulnerability Details

2
CVEList
WordPress Jetpack Plugin <= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS)2023-11-30
GHSA
GHSA-rpf4-363j-82m5: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed,2023-11-30
CVE-2023-45050 (MEDIUM CVSS 5.4) | Improper Neutralization of Input Du | cvebase.io