CVE-2023-7015
published 2024-03-13
CVE-2023-7015: The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4…
Priority P4 · 22 · medium · 6.1 · CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.47% (36.9th percentile)
The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| file_manager | file_manager_pro | <= 8.3.4 | — |
| filemanagerpro.io | file_manager_pro | < 8.3.5 | 8.3.5 |
CVSS provenance
nvd · v3.1 · 6.1 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv · 5.3 · MEDIUM
OSV
python2.7 regression
osv·2025-09-29·CVSS 5.3
CVE-2023-27043 python2.7 regression
USN-7015-4 fixed vulnerabilities in Python. It was discovered that the fix
for CVE-2023-27043 for python2.7 was incorrectly applied on Ubuntu 16.04
LTS and Ubuntu 18.04 LTS. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the Python email module inc
OSV
python2.7 regressions
osv·2024-11-22·CVSS 5.3
CVE-2023-27043 python2.7 regressions
USN-7015-5 fixed vulnerabilities in python2.7. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly
OSV
python2.7 vulnerabilities
osv·2024-11-19·CVSS 5.3
CVE-2024-6232 python2.7 vulnerabilities
USN-7015-1 fixed several vulnerabilities in Python. This update provides
the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7
in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the Python email mod
OSV
python2.7, python3.5 vulnerability
osv·2024-10-14·CVSS 5.3
CVE-2023-27043 python2.7, python3.5 vulnerability
USN-7015-1 fixed several vulnerabilities in Python. This update provides the
corresponding update for CVE-2023-27043 for python2.7 and python3.5 in
Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker
OSV
python2.7, python3.5 vulnerability
osv·2024-10-01·CVSS 5.3
CVE-2023-27043 python2.7, python3.5 vulnerability
USN-7015-1 fixed several vulnerabilities in Python. This update provides
the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04
LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for
python3.5 in Ubuntu 16.04 LTS.
Original advisory details:
It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the P
GHSA
GHSA-w3jr-pgx2-pq2x: The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including,
ghsa_unreviewed·2024-03-13
CVE-2023-7015 [MEDIUM] CWE-79 GHSA-w3jr-pgx2-pq2x: The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including,
The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-03-13