All the vulnerabilities related to Unknown - SVG Block
cve-2024-4269
Vulnerability from cvelistv5
Published
2024-07-13 06:00
Modified
2024-08-01 20:33
Severity ?
EPSS score ?
Summary
SVG Block < 1.1.20 - Author+ Stored XSS via SVG File Upload
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/8aae7aa1-6170-45d8-903f-8520913276da/ | exploit, vdb-entry, technical-description |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:phiphan:svg_block:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "svg_block", "vendor": "phiphan", "versions": [ { "lessThan": "1.1.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4269", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-15T13:32:24.157782Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-15T20:27:39.826Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:33:53.069Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description", "x_transferred" ], "url": "https://wpscan.com/vulnerability/8aae7aa1-6170-45d8-903f-8520913276da/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SVG Block", "vendor": "Unknown", "versions": [ { "lessThan": "1.1.20", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Rayhan Ramdhany Hanaputra" }, { "lang": "en", "type": "coordinator", "value": "WPScan" } ], "descriptions": [ { "lang": "en", "value": "The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-13T06:00:05.955Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan" }, "references": [ { "tags": [ "exploit", "vdb-entry", "technical-description" ], "url": "https://wpscan.com/vulnerability/8aae7aa1-6170-45d8-903f-8520913276da/" } ], "source": { "discovery": "EXTERNAL" }, "title": "SVG Block \u003c 1.1.20 - Author+ Stored XSS via SVG File Upload", "x_generator": { "engine": "WPScan CVE Generator" } } }, "cveMetadata": { "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2024-4269", "datePublished": "2024-07-13T06:00:05.955Z", "dateReserved": "2024-04-26T19:23:40.697Z", "dateUpdated": "2024-08-01T20:33:53.069Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }