CVE-2023-5167Cross-site Scripting in User Activity LOG

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 69.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Solwininfotech User Activity LOG
Timeline
PublishedOct 16

Description

The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-p7q4-fcj5-j6x7: The User Activity Log Pro WordPress plugin before 22023-10-16
CVEList
User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent2023-10-16
CVE-2023-5167 — Cross-site Scripting | cvebase