1. Home
  2. CVE Database
  3. CVE-2023-4757
MEDIUM · 5.4

CVE-2023-4757

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing use...

Vulnerability Description

The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
MiniorangeStaff \/ Employee Business Directory For Active Directory< 1.2.3

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2023-4757?

CVE-2023-4757 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing use...

How severe is CVE-2023-4757?

CVE-2023-4757 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-4757?

Check the references section above for vendor advisories and patch information. Affected products include: Miniorange Staff \/ Employee Business Directory For Active Directory.