Security Research & Advisories

Stored Cross-Site Scripting (XSS) in Manga+Press Comic Manager v3.1.0

Vendor
Product Manga+Press Comic Manager
Affected Version(s) 3.1.0 and probably prior
Tested Version(s) 3.1.0
Vendor Notification 04 June 2024
Advisory Publication 04 June 2024 [without technical details]
Vendor Fix N/A
Public Disclosure 04 June 2024
Latest Modification 03 June 2024
CVE Identifier Pending
Product Description Manga+Press is a webcomic management system for WordPress. Manga+Press uses WordPress posts, pages and categories to help you keep track of your comic posts.
Credits Josué Cruz Mier - Security Researcher & Penetration Tester @wizlynx group

Vulnerability Details

Stored Cross Site Scripting (XSS)
Severity: Medium CVSS Score: 5.4 CWE-ID: CWE-79 Status: Open
Vulnerability Description
The Manga+Press Comic Manager plugin is affected by Stored Cross-Site Scripting (XSS) vulnerability affecting version 3.1.0. An attacker might exploit this issue to execute arbitrary script code in the browser of an unsuspecting user while they are browsing the affected application.
CVSS Base Score
Attack Vector Network Scope Changed
Attack Complexity Low Confidentiality Impact Low
Privileges Required Low Integrity Impact Low
User Interaction Required Availability Impact None

Description

Full details about the vulnerability will be disclosed once the vendor has provided a patch.

Top