Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-7246

Severity: 5.4 MEDIUM
EPSS: 1.5% (top 18.60%)
CISA KEV: Not in KEV
Exploit: PoC available (Public exploit / PoC exists)
Timeline: Published Mar 20

Description

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (2 packages)

NVD: bowo/system_dashboard < 2.8.10
CVEListV5: unknown/system_dashboard < 2.8.10

🔴 Vulnerability Details (2)

CVEList: System Dashboard < 2.8.10 - XSS via Header Injection (2024-03-20)
GHSA: GHSA-qmw9-5q6h-hjxj: The System Dashboard WordPress plugin before 2 (2024-03-20)

💥 Exploits & PoCs (1)

Nuclei: System Dashboard < 2.8.10 - Cross-Site Scripting
CVE-2023-7246 (MEDIUM CVSS 5.4) | The System Dashboard WordPress plug | cvebase.io