CVE-2024-11107

Severity: 6.1 MEDIUM
EPSS: 1.2% (top 20.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 10

Description

The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

NVD: bowo/system_dashboard < 2.8.15
CVEListV5: unknown/system_dashboard < 2.8.15

Vulnerability Details (2)

CVEList: System Dashboard < 2.8.15 - Unauthenticated Stored XSS (2024-12-10)
GHSA: GHSA-9m9r-rw59-qh84: The System Dashboard WordPress plugin before 2 (2024-12-10)