ghsa-87x7-f7g8-6px2
Vulnerability from github
Published
2023-08-21 09:30
Modified
2024-04-04 07:04
Severity
5.4 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-40068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-21T09:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.",
  "id": "GHSA-87x7-f7g8-6px2",
  "modified": "2024-04-04T07:04:43Z",
  "published": "2023-08-21T09:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40068"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN98946408"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/plugins/advanced-custom-fields"
    },
    {
      "type": "WEB",
      "url": "https://www.advancedcustomfields.com"
    },
    {
      "type": "WEB",
      "url": "https://www.advancedcustomfields.com/blog/acf-6-1-8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.