{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6019", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-06-14T18:39:07.579Z", "datePublished": "2024-09-12T06:00:03.903Z", "dateUpdated": "2024-09-12T18:26:41.695Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-09-12T06:00:03.903Z"}, "title": "Music Request Manager <= 1.3 - Unauthenticated Stored XSS", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Music Request Manager", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "1.3"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators"}], "references": [{"url": "https://wpscan.com/vulnerability/5899c5c9-a550-4c86-a41d-7fcc1e84a7d3/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Bob Matyas", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"affected": [{"vendor": "scriptonite", "product": "music_request_manager", "cpes": ["cpe:2.3:a:scriptonite:music_request_manager:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.3", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T18:26:01.066049Z", "id": "CVE-2024-6019", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T18:26:41.695Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-6019", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-12T18:26:01.066049Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scriptonite:music_request_manager:*:*:*:*:*:*:*:*"], "vendor": "scriptonite", "product": "music_request_manager", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T18:26:35.562Z"}}], "cna": {"title": "Music Request Manager <= 1.3 - Unauthenticated Stored XSS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Bob Matyas"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Music Request Manager", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.3"}], "defaultStatus": "affected"}], "references": [{"url": "https://wpscan.com/vulnerability/5899c5c9-a550-4c86-a41d-7fcc1e84a7d3/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-79 Cross-Site Scripting (XSS)"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-09-12T06:00:03.903Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6019", "state": "PUBLISHED", "dateUpdated": "2024-09-12T18:26:41.695Z", "dateReserved": "2024-06-14T18:39:07.579Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-09-12T06:00:03.903Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scriptonite:music_request_manager:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "115B486D-D73E-46D1-8835-4FB342AE0CE3", "versionEndIncluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators"}, {"lang": "es", "value": "El complemento Music Request Manager de WordPress hasta la versi\u00f3n 1.3 no desinfecta ni evita las solicitudes de m\u00fasica entrantes, lo que podr\u00eda permitir que usuarios no autenticados realicen ataques de cross site scripting contra administradores."}], "id": "CVE-2024-6019", "lastModified": "2024-09-13T16:13:40.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-12T06:15:24.000", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5899c5c9-a550-4c86-a41d-7fcc1e84a7d3/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}