CVE-2024-10896OS Command Injection in Logo Slider

CWE-78OS Command InjectionCWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 74.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Logichunt Logo Slider
Timeline
PublishedNov 28

Description

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-x8c4-4qx3-cf7m: The Logo Slider WordPress plugin before 42024-11-28
CVEList
Logo Slider < 4.5.0 - Contributor+ Stored XSS2024-11-28
CVE-2024-10896 — OS Command Injection in Logo Slider | cvebase