{"id":"CVE-2023-40680","details":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0.\n\n","modified":"2026-04-12T08:01:32.892344Z","published":"2023-11-30T13:15:07.927Z","references":[{"type":"ADVISORY","url":"https://patchstack.com/database/vulnerability/wordpress-seo/wordpress-yoast-seo-plugin-21-0-cross-site-scripting-xss-vulnerability?_s_id=cve"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yoast/wordpress-seo","events":[{"introduced":"0"},{"last_affected":"bb25730ea60d1f4540df36e5463994d87cef4fa2"}],"database_specific":{"cpe":"cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"21.0"}],"source":"CPE_FIELD"}}],"versions":["1.4.15","1.4.18","1.4.20","1.4.21","1.4.22","1.4.23","1.4.24","1.4.25","1.5.0","1.5.1","1.5.2","1.5.2.1","1.5.2.2","1.5.2.3","1.5.2.4","1.5.5","1.5.5.1","1.5.5.2","1.5.5.3","1.5.6","1.6","1.6.1","1.6.2","1.6.3","1.8-beta","10.0","10.0.1","10.1","10.1.1","10.1.2","10.1.3","11.0","11.1","11.1.1","11.2","11.2.1","11.3","11.4","11.5","11.6","11.7","11.8","11.9","12.0","12.1","12.2","12.3","12.4","12.5","12.5.1","12.6","12.6.1","12.6.2","12.7","12.7.1","12.8","12.8.1","12.9","12.9.1","13.0","13.1","13.2","13.3","13.4","13.5","14.0","14.0.1","14.0.2","14.0.3","14.0.4","14.1","14.2","14.3","14.4","14.4.1","14.5","14.6","14.6.1","14.7","14.8","14.8.1","14.9","15.0","15.1","15.1.1","15.2","15.2.1","15.3","15.4","15.5","15.6","15.6.1","15.6.2","15.7","15.8","15.8.1-RC1","15.9","15.9.1","15.9.2","16.0","16.0.1","16.0.2","16.1","16.1.1","16.2","16.3","16.4","16.5","16.6","16.6.1","16.7","16.8","16.9","17.0","17.1","17.2","17.2.1","17.3","17.4","17.5","17.6","17.7","17.7.1","17.8","17.9","18.0","18.1","18.2","18.3","18.4.1","18.5","18.5.1","18.6","18.7","18.8","18.9","19.0","19.1","19.10","19.11","19.12","19.13","19.14","19.2","19.3","19.4","19.5","19.5.1","19.6","19.6.1","19.7","19.7.1","19.7.2","19.8","19.9","2.0","2.0.1","2.1","2.1.1","2.2","2.2.1","2.3","2.3.1","2.3.2","20.0","20.1","20.10","20.11","20.12","20.13","20.2","20.2.1","20.3","20.4","20.5","20.6","20.7","20.8","20.9","21.0","3.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.3.1","3.4","3.7.0","4.5","4.6","4.7","4.8","4.9","5.1","5.2","5.3","5.3.1","5.3.2","5.3.3","5.4.0","5.4.1","5.4.2","5.5","5.5.1","5.6","5.6.1","5.7","5.7.1","5.8","5.9","5.9.1","5.9.2","5.9.3","6.0","6.1","6.1.1","6.2","6.3","6.3.1","7.0","7.0.1","7.0.2","7.0.3","7.1","7.2","7.3","7.4","7.4.1","7.4.2","7.5","7.5.1","7.5.3","7.6","7.6.1","7.7","7.7.1","7.7.2","7.7.3","7.8","7.9","7.9.1","8.0","8.1","8.1.1","8.1.2","8.2","8.2.1","8.3","8.4","9.0","9.0.1","9.0.2","9.0.3","9.1","9.2","9.2.1","9.3","9.4","9.5","9.6","9.7"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-40680.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}