CVE-2023-2624: KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting

0.0 CVSS

Description

The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator

Classification

CVE ID: CVE-2023-2624

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Unknown

Product: KiviCare

Nuclei Template

http/cves/2023/CVE-2023-2624.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.49% (probability of being exploited)

EPSS Percentile: 76.15% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://wpscan.com/vulnerability/dc3a841d-a95b-462e-be4b-acaa44e77264
http://packetstormsecurity.com/files/174895/WordPress-KiviCare-3.2.0-Cross-Site-Scripting.html

Timeline

2024-11-28 00:10:59 UTC
CVE

KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting