CVE-2021-24152 β€” Cross-site Scripting in Popup Builder

CWE-79 β€” Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 56.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sygnoos Popup Builder
Timeline
PublishedApr 5
Latest updateMay 24

Description

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

β–ΆNVDsygnoos/popup_builder< 3.74

πŸ”΄Vulnerability Details

2
GHSA
GHSA-jqrr-p4p9-3jf4: The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting↗2022-05-24
β–Ά
CVEList
Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS)β†—2021-04-05
β–Ά
CVE-2021-24152 β€” Cross-site Scripting in Popup Builder | cvebase