CVE-2023-48763

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)

Published: Apr 24, 2024 / Updated: 6mo ago

010
CVSS 5.3EPSS 0.04%Medium
CVE info copied to clipboard

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2023-48763

Apr 24, 2024 at 4:15 PM
CVSS

A CVSS base score of 5.3 has been assigned.

Apr 24, 2024 at 4:20 PM / nvd
First Article

Feedly found the first article mentioning CVE-2023-48763. See article

Apr 24, 2024 at 4:21 PM / National Vulnerability Database
EPSS

EPSS Score was set to: 0.04% (Percentile: 8.2%)

Apr 25, 2024 at 9:45 AM
Threat Intelligence Report

The vulnerability CVE-2023-48763 in Crocoblock JetFormBuilder allows for Code Injection due to improper neutralization of script-related HTML tags, posing a significant risk to affected systems. This vulnerability has a CVSS score of 5.3 and is exploitable by attackers in the wild. Mitigations, detections, and patches are not currently available, potentially leading to downstream impacts on third-party vendors or technologies utilizing JetFormBuilder. See article

Apr 29, 2024 at 10:00 PM
Static CVE Timeline Graph

Affected Systems

Crocoblock/jetformbuilder
+null more

Attack Patterns

CAPEC-18: XSS Targeting Non-Script Elements
+null more

News

CVE-2023-48763
Medium Severity Description Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4. Read more at https://www.tenable.com/cve/CVE-2023-48763
NA - CVE-2023-48763 - Improper Neutralization of Script-Related HTML...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through...
CVE-2023-48763 | Crocoblock JetFormBuilder Plugin up to 3.1.4 on WordPress cross site scripting
A vulnerability was found in Crocoblock JetFormBuilder Plugin up to 3.1.4 on WordPress. It has been declared as problematic . Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2023-48763 . The attack can be launched remotely. There is no exploit available.
CVE-2023-48763
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through...
CVE-2023-48763
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4.
See 2 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:Low
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI