5 matches found
CVE-2024-37437
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elementor Elementor Website Builder elementor.This issue affects Elementor Website Builder: from n/a through = 3.22.1...
CVE-2024-37437
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elementor Elementor Website Builder elementor.This issue affects Elementor Website Builder: from n/a through = 3.22.1...
CVE-2024-37437 WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting XSS, Stored XSS.This issue affects Elementor Website Builder: from n/a through 3.22.1...
CVE-2024-37437
CVE-2024-37437 affects Elementor Website Builder (WordPress plugin) up to version 3.22.1. Root cause: improper restriction of pathnames leading to a Path Traversal; impact includes arbitrary SVG download and potential Cross-Site Scripting (stored XSS) as indicated by multiple sources. Mitigation:...
WordPress Elementor Website Builder Plugin <= 3.22.1 is vulnerable to Cross Site Scripting (XSS)
Software Elementor Website Builder Type Plugin Vulnerable versions = 3.22.1 Fixed in 3.22.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37437 Patch priority Low CVSS severity Low 5.5 Developer Elementor PSID a41c27164cdd Credits stealthcopter Required privilege...