{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-10896","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2024-11-05T18:49:09.341Z","datePublished":"2024-11-28T06:00:12.112Z","dateUpdated":"2024-11-29T15:39:39.900Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2024-11-28T06:00:12.112Z"},"title":"Logo Slider < 4.5.0 - Contributor+ Stored XSS","problemTypes":[{"descriptions":[{"description":"CWE-79 Cross-Site Scripting (XSS)","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Logo Slider","versions":[{"status":"affected","versionType":"semver","version":"0","lessThan":"4.5.0"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The Logo Slider  WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting"}],"references":[{"url":"https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Dmitrii Ignatyev","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-78","lang":"en","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}],"affected":[{"vendor":"logo_slider_wordpress","product":"logo_slider_wordpress","cpes":["cpe:2.3:a:logo_slider_wordpress:logo_slider_wordpress:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"4.5.0","versionType":"semver"}]}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":5.4,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","integrityImpact":"LOW","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-11-29T15:36:17.058588Z","id":"CVE-2024-10896","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-29T15:39:39.900Z"}}]}}