CVE-2023-6769 MEDIUM

CVE-2023-6769: Stored XSS vulnerability in Amazing Little Poll

Vendor Amazing Little Poll
Product Amazing Little poll
Weakness CWE-79 · XSS
Published December 20, 2023
Last update November 21, 2024
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lp_admin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution while the page is loading.

Key dates

02Disclosure timeline

December 20, 2023 CVE published
November 21, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-49862 WordPress Ebook Store plugin <= 5.8008 - Cross Site Scripting (XSS) Vulnerability CVE-2023-2708 Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting CVE-2025-31006 WordPress Activity Reactions For Buddypress plugin <= 1.0.22 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-51918 WordPress Pay With Stripe plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability CVE-2023-32107 WordPress Photo Gallery by Ays Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)