CVE-2023-51492 — Cross-site Scripting in SO Plugin If-so Dynamic Content Personalization

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA6.5

EPSS

0.1%

top 79.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IF SO Plugin If-so Dynamic Content Personalization If-so Dynamic Content Personalization

Timeline

PublishedFeb 10

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5if_so_plugin/if-so_dynamic_content_personalizationn/a — 1.6.3.1

▶NVDif-so/dynamic_content_personalization1.6.3.1

🔴Vulnerability Details

CVEList

WordPress If-So Dynamic Content Personalization Plugin <= 1.6.3.1 is vulnerable to Cross Site Scripting (XSS)↗2024-02-10

▶

GHSA

GHSA-7rxr-hv3w-h99r: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If So Plugin If-So Dynamic Content Personalizati↗2024-02-10

▶