Lucene search
HistoryJul 09, 2024 - 11:15 a.m.
CVE-2024-37437
cve-2024-37437
elementor
path traversal
xss
stored xss
security vulnerability
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS.This issue affects Elementor Website Builder: from n/a through 3.22.1.
Affected configurations
Node
elementorwebsite_builderRange<3.22.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| elementor | website_builder | * | cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:* |
Related
vulnrichment
vulnrichment
cvelist
cvelist
cve
cve
CVE-2024-37437
2024-07-09 11:15:14
wordfence
wordfence
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
Related for NVD:CVE-2024-37437