{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-10473","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2024-10-28T18:30:03.575Z","datePublished":"2024-11-28T06:00:05.185Z","dateUpdated":"2024-11-29T15:50:32.875Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2024-11-28T06:00:05.185Z"},"title":"Logo Slider < 4.5.0 - Author+ Stored XSS","problemTypes":[{"descriptions":[{"description":"CWE-79 Cross-Site Scripting (XSS)","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Logo Slider","versions":[{"status":"affected","versionType":"semver","version":"0","lessThan":"4.5.0"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputting them in pages where the Logo Slider shortcode is embedded, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks."}],"references":[{"url":"https://wpscan.com/vulnerability/7512cbdf-cf27-4a1f-bac8-9fcb14bf463e/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Dmitrii Ignatyev","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}],"affected":[{"vendor":"logo_slider_wordpress","product":"logo_slider_wordpress","cpes":["cpe:2.3:a:logo_slider_wordpress:logo_slider_wordpress:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"4.5.0","versionType":"semver"}]}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":5.4,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","integrityImpact":"LOW","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-11-29T15:48:25.042365Z","id":"CVE-2024-10473","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-29T15:50:32.875Z"}}]}}