CVE-2024-11402 - Vulnerability Details - OpenCVE

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS.This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Wordpress	Wordpress

No data.

No data.

References

Link	Providers
https://patchstack.com/database/wordpress/plugin/block-editor-bootstrap-blocks/vulnerability/wordpress-block-editor-bootstrap-blocks-plugin-6-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

History

Thu, 28 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 28 Nov 2024 11:15:00 +0000

Type	Values Removed	Values Added
Description		Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS.This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1.
Title		WordPress Block Editor Bootstrap Blocks plugin <= 6.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses		CWE-79
References		https://patchstack.com/database/wordpress/plugin/block-editor-bootstrap-blocks/vulnerability/wordpress-block-editor-bootstrap-blocks-plugin-6-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-11-28T11:00:31.017Z

Updated: 2024-11-28T12:15:16.256Z

Reserved: 2024-11-19T11:04:01.503Z

Link: CVE-2024-11402

Vulnrichment

Updated: 2024-11-28T12:09:09.036Z

NVD

Status : Received

Published: 2024-11-28T11:15:17.613

Modified: 2024-11-28T11:15:17.613

Link: CVE-2024-11402

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11402", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-11-19T11:04:01.503Z", "datePublished": "2024-11-28T11:00:31.017Z", "dateUpdated": "2024-11-28T12:15:16.256Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "block-editor-bootstrap-blocks", "product": "Block Editor Bootstrap Blocks", "vendor": "WP-speedup", "versions": [{"changes": [{"at": "6.6.2", "status": "unaffected"}], "lessThanOrEqual": "6.6.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Le Ngoc Anh (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS.<p>This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS.This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-11-28T11:00:31.017Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/block-editor-bootstrap-blocks/vulnerability/wordpress-block-editor-bootstrap-blocks-plugin-6-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress Block Editor Bootstrap Blocks plugin to the latest available version (at least 6.6.2)."}], "value": "Update the WordPress Block Editor Bootstrap Blocks plugin to the latest available version (at least 6.6.2)."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Block Editor Bootstrap Blocks plugin <= 6.6.1 - Reflected Cross Site Scripting (XSS) vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11402", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-28T12:09:06.333422Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-28T12:15:16.256Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11402", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-28T12:09:06.333422Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-28T12:09:09.036Z"}}], "cna": {"title": "WordPress Block Editor Bootstrap Blocks plugin <= 6.6.1 - Reflected Cross Site Scripting (XSS) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Le Ngoc Anh (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WP-speedup", "product": "Block Editor Bootstrap Blocks", "versions": [{"status": "affected", "changes": [{"at": "6.6.2", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "6.6.1"}], "packageName": "block-editor-bootstrap-blocks", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress Block Editor Bootstrap Blocks plugin to the latest available version (at least 6.6.2).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress Block Editor Bootstrap Blocks plugin to the latest available version (at least 6.6.2).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/block-editor-bootstrap-blocks/vulnerability/wordpress-block-editor-bootstrap-blocks-plugin-6-6-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS.This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS.<p>This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-11-28T11:00:31.017Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11402", "state": "PUBLISHED", "dateUpdated": "2024-11-28T12:15:16.256Z", "dateReserved": "2024-11-19T11:04:01.503Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-11-28T11:00:31.017Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}