The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators
History

Fri, 13 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
CPEs cpe:2.3:a:scriptonite:music_request_manager:*:*:*:*:*:wordpress:*:*

Thu, 12 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Scriptonite
Scriptonite music Request Manager
CPEs cpe:2.3:a:scriptonite:music_request_manager:*:*:*:*:*:*:*:*
Vendors & Products Scriptonite
Scriptonite music Request Manager
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 06:15:00 +0000

Type Values Removed Values Added
Description The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators
Title Music Request Manager <= 1.3 - Unauthenticated Stored XSS
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-09-12T06:00:03.903Z

Updated: 2024-09-12T18:26:41.695Z

Reserved: 2024-06-14T18:39:07.579Z

Link: CVE-2024-6019

cve-icon Vulnrichment

Updated: 2024-09-12T18:26:35.562Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-12T06:15:24.000

Modified: 2024-09-13T16:13:40.340

Link: CVE-2024-6019

cve-icon Redhat

No data.