CVE-2023-49740 — Cross-site Scripting in Seraphinite Accelerator

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA7.1

EPSS

0.2%

top 58.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

S-sols Seraphinite Accelerator Seraphinite Solutions Seraphinite Accelerator

Timeline

PublishedDec 14

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.This issue affects Seraphinite Accelerator: from n/a through 2.20.28.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5seraphinite_solutions/seraphinite_acceleratorn/a — 2.20.28

▶NVDs-sols/seraphinite_accelerator< 2.20.29

🔴Vulnerability Details

CVEList

WordPress Seraphinite Accelerator Plugin <= 2.20.28 is vulnerable to Cross Site Scripting (XSS)↗2023-12-14

▶

GHSA

GHSA-v9r2-xx4h-x954: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator al↗2023-12-14

▶