CVE-2023-50828 — Cross-site Scripting in Vongries Ultimate Dashboard Custom Wordpress Dashboard

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

CNA5.9

EPSS

0.1%

top 69.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

David Vongries Ultimate Dashboard Custom Wordpress Dashboard Davidvongries Ultimate Dashboard

Timeline

PublishedDec 21

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordPress Dashboard allows Stored XSS.This issue affects Ultimate Dashboard – Custom WordPress Dashboard: from n/a through 3.7.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5david_vongries/ultimate_dashboard_custom_wordpress_dashboardn/a — 3.7.11

▶NVDdavidvongries/ultimate_dashboard3.7.11

🔴Vulnerability Details

CVEList

WordPress Ultimate Dashboard Plugin <= 3.7.11 is vulnerable to Cross Site Scripting (XSS)↗2023-12-21

▶

GHSA

GHSA-7xwg-hh9r-4gjx: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordP↗2023-12-21

▶