CVE-2023-3387

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jun 24, 2023

Updated: Nov 7, 2023

CWE ID 250

Summary

CVE-2023-3387 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Lana Text to Image plugin for WordPress. This issue, occurring in versions up to and including 1.0.0, arises due to insufficient input sanitization and output escaping on user-supplied attributes in the 'lana_text_to_image' and 'lana_text_to_img' shortcode. Consequently, authenticated attackers with contributor-level or higher permissions can inject arbitrary web scripts, leading to the execution of malicious code whenever an injected page is accessed.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

AVEVA Edge

Affected Vendors

Aveva Group

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tZ07-l
https://www.cve.org/CVERecord?id=CVE-2023-3387
https://nvd.nist.gov/vuln/detail/CVE-2023-3387

Back to Vulnerability Database