Wpvulndb, WPVDB-ID:2099DB9F-56E7-4E3E-BD42-704F6173DF9F
May 07, 2024 - 12:00 a.m.

Realtyna Organic IDX plugin < 4.14.8 - Reflected XSS

2024-05-07 00:00:00
wpscan.com
Tags: realtyna organic idx, wpl real estate, wordpress, reflected cross-site scripting, input sanitization, output escaping, unauthenticated attackers, arbitrary web scripts, link trick

CVSS3: 7.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS: 0
Percentile: 9.0%

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admins.
