Vulnerabilities > CVE-2023-0431 - Unspecified vulnerability in File Away Project File Away 3.9.9.0.1

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

file-away-project

NVD

Published: 2023-06-12

Updated: 2023-11-07

Summary

The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Vulnerable Configurations

Part	Description	Count
Application	File_Away_Project File Away Project File Away - File Away Project File Away 3.9.9.0.1	2

References

https://wpscan.com/vulnerability/fdcbd9a3-552d-439e-b283-1d3d934889af