CVE-2024-37552

2024-07-2107:15:04

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-37552

web page generation

xss

cross-site scripting

inisev

social media

share icons

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.7%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Inisev Social Media & Share Icons allows Stored XSS.This issue affects Social Media & Share Icons: from n/a through 2.9.1.

Affected configurations

Nvd

Node

inisevsocial_media_share_buttons_\&_social_sharing_iconsRange<2.9.2wordpress

VendorProductVersionCPE
inisevsocial_media_share_buttons_\&_social_sharing_icons*cpe:2.3:a:inisev:social_media_share_buttons_\&_social_sharing_icons:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
inisev	social_media_share_buttons_\&_social_sharing_icons	*	cpe:2.3:a:inisev:social_media_share_buttons_\&_social_sharing_icons::::::wordpress::*

References

patchstack.com/database/vulnerability/ultimate-social-media-icons/wordpress-social-media-share-buttons-social-sharing-icons-plugin-2-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve