Lucene search
WpvulndbWPVDB-ID:036047ED-3894-4C54-9397-B2BD350DB1D4HistoryFeb 21, 2024 - 12:00 a.m.
Sassy Social Share < 3.3.57 - Contributor+ Stored XSS
2024-02-2100:00:00
wpscan.com
14
plugin
vulnerability
stored cross-site scripting
contributor role
shortcode attributes
page/post
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS
0
Percentile
15.5%
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Related
prion
prion
Cross site scripting
2024-02-29 01:43:00
nvd
nvd
CVE-2024-1448
2024-02-29 01:43:51
vulnrichment
vulnrichment
CVE-2024-1448
2024-02-20 18:56:21
cvelist
cvelist
CVE-2024-1448
2024-02-20 18:56:21
cve
cve
CVE-2024-1448
2024-02-29 01:43:51
wordfence
wordfence
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS
0
Percentile
15.5%
Related for WPVDB-ID:036047ED-3894-4C54-9397-B2BD350DB1D4