Vulnerabilities > CVE-2023-5167 - Unspecified vulnerability in Solwininfotech User Activity LOG

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

solwininfotech

NVD

Published: 2023-10-16

Updated: 2023-11-07

Summary

The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks.

Vulnerable Configurations

Part	Description	Count
Application	Solwininfotech Solwininfotech User Activity LOG *	1

References

https://wpscan.com/vulnerability/78ea6fe0-5fac-4923-949c-023c85fe2437