CVE-2023-38518
WordPress Borderless Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS)Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Visualmodo Borderless plugin <= 1.4.8 versions.
We have discovered 76 live websites that are affected by CVE-2023-38518.
Affected Software
| Product |  Borderless |
| Category | Wordpress Plugins |
| Vulnerable Domains | 76 live websites (7.76% of Borderless install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 14 versions ( 44% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Sep 3, 2023
- Updated - Sep 24, 2024
Credits
- Rio Darmawan (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-38518 United States | 16 websites |
 Switzerland | 12 websites |
 France | 5 websites |
 Netherlands | 5 websites |
 South Africa | 5 websites |
 Austria | 3 websites |
 Germany | 3 websites |
 Bulgaria | 2 websites |
 Brazil | 2 websites |
 GB | 2 websites |
Website Distribution by TLD
Number of websites using CVE-2023-38518| .com | 21 websites |
| .ch | 12 websites |
| .org | 5 websites |
| .nl | 4 websites |
| .at | 3 websites |
| .com.br | 2 websites |
| .fi | 2 websites |
| .it | 2 websites |
| .co.uk | 1 websites |
| .de | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-38518
Top websites that are affected by CVE-2023-38518. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.fr | France | *,***,*** | |
| ********.******.org | United States | *,***,*** | |
| **************.org | United States | *,***,*** | |
| *******************************.com | United States | *,***,*** | |
| ***************************.nl | Netherlands | *,***,*** | |
| **********.com | United States | *,***,*** | |
| **********.com | United States | *,***,*** | |
| *********.**.ke |  Kenya | *,***,*** | |
| ****.*****************.com | United States | *,***,*** | |
| *******.com |  Thailand | *,***,*** |
FAQ
CVE-2023-38518 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Borderless
A total of 76 websites have been identified as vulnerable to CVE-2023-38518, based on global website indexing conducted by WebTechSurvey.
The Borderless is affected by the CVE-2023-38518 vulnerability.
Borderless versions up to and including 1.4.8 are vulnerable to CVE-2023-38518.