{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-4477","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2024-05-03T19:34:58.394Z","datePublished":"2024-06-21T06:00:04.995Z","dateUpdated":"2024-08-01T20:40:47.341Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2024-06-21T06:00:04.995Z"},"title":"WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS","problemTypes":[{"descriptions":[{"description":"CWE-79 Cross-Site Scripting (XSS)","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"WP Logs Book","versions":[{"status":"affected","versionType":"semver","version":"0","lessThanOrEqual":"1.0.1"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting"}],"references":[{"url":"https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Bob Matyas","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"affected":[{"vendor":"onetarek","product":"wp-logs-book","cpes":["cpe:2.3:a:onetarek:wp-logs-book:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"0","status":"affected","lessThanOrEqual":"1.0.1","versionType":"semver"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L","integrityImpact":"LOW","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"LOW","privilegesRequired":"HIGH","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-06-25T18:52:48.270280Z","id":"CVE-2024-4477","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-11T14:24:35.827Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:40:47.341Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]}]}}