Lucene search

K
wpvulndbWpvulndbWPVDB-ID:62A9D431-A3DC-4F81-BEEE-A9AFBECCF27B
HistoryMay 22, 2024 - 12:00 a.m.

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo < 3.1.78 - Reflected XSS

2024-05-2200:00:00
wpscan.com
4
brevo plugin
reflected xss
input sanitization
output escaping
unauthenticated attackers
web scripts

6.5 Medium

AI Score

Confidence

High

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the page parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CPENameOperatorVersion
eq3.1.78

6.5 Medium

AI Score

Confidence

High