CVE-2024-35731

Published Jun 8, 2024

Last updated 4 months ago

CVSS medium 5.4

Overview

Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor: from n/a through 1.3.9.
Source: audit@patchstack.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

audit@patchstack.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wpmoose:kenta_blocks:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3096B8A-9FCC-4F29-9E30-9EC285061407",
            "versionEndExcluding": "1.4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References