CVE-2024-10473

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 75.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Logo SliderLogichunt Logo Slider
Timeline
PublishedNov 28

Description

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/logo_slider< 4.5.0

🔴Vulnerability Details

2
GHSA
GHSA-5xvj-wwgx-xf7x: The Logo Slider WordPress plugin before 42024-11-28
CVEList
Logo Slider < 4.5.0 - Author+ Stored XSS2024-11-28
CVE-2024-10473 (MEDIUM CVSS 5.4) | The Logo Slider WordPress plugin be | cvebase.io