CVE-2024-2120
Published 2024-03-27. CVE-2024-2120: The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1.
Priority: P4 · 23 · Medium 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.34% (25.8th percentile)
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
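The advisory gives two things a responder can act on: the version cut-off (anything at or below 3.20.1 is affected, 3.20.2 is the fix) and the fact that a contributor-level account can persist a payload in a widget attribute that is later rendered unescaped. The script below is an added example, not code from Elementor, Wordfence or this page. It does a version check and then hunts for injected markup in the stored page layout. It assumes, as things not stated in the advisory, that Elementor keeps each page's layout as JSON in the `_elementor_data` post meta, as a tree of elements with `elType`, `widgetType`, `settings` and `elements` keys, and that the Post Navigation widget's `widgetType` is `post-navigation`. The sample layout and the setting names in it (`prev_label`, `next_label`, `_css_classes`) are constructed for illustration.

```python
"""Hunt for stored-XSS payloads in Elementor page data (added example, hypothetical).

Assumptions not taken from the advisory: `_elementor_data` post meta holds a JSON
tree of elements (elType / widgetType / settings / elements); the Post Navigation
widget is widgetType "post-navigation". The sample data below is constructed.
"""
import json
import re
from typing import Any, Iterator, Optional, Tuple

# Advisory facts: every release up to and including 3.20.1 is affected; 3.20.2 fixes it.
FIXED_VERSION = (3, 20, 2)

# Heuristic markers for markup inside a setting that should be plain text.
# Tuned for recall over precision: review hits by hand rather than auto-deleting.
XSS_MARKERS = re.compile(
    r"<\s*(?:script|iframe|svg|img|object|embed|math)\b"  # tag injection
    r"|javascript\s*:"                                      # URL-scheme payload
    r"|\bon[a-z]+\s*="                                      # event-handler attribute
    r"|srcdoc\s*=",                                         # iframe srcdoc payload
    re.IGNORECASE,
)


def parse_version(version: str) -> Tuple[int, int, int]:
    """'3.20.1' -> (3, 20, 1); missing components are treated as 0."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def is_vulnerable_version(version: str) -> bool:
    """True for any installed Elementor Pro version below the 3.20.2 fix."""
    return parse_version(version) < FIXED_VERSION


def _strings(value: Any, path: str = "") -> Iterator[Tuple[str, str]]:
    """Yield (setting_path, text) for every string nested inside a settings value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, sub in value.items():
            yield from _strings(sub, f"{path}.{key}" if path else str(key))
    elif isinstance(value, list):
        for i, sub in enumerate(value):
            yield from _strings(sub, f"{path}[{i}]")


def _walk(elements: list) -> Iterator[dict]:
    """Depth-first walk of the element tree (sections -> columns -> widgets)."""
    for element in elements:
        yield element
        yield from _walk(element.get("elements") or [])


def find_injected_settings(elementor_data: str,
                           widget_types: Optional[Tuple[str, ...]] = ("post-navigation",)) -> list:
    """Return one finding per widget setting that contains XSS-looking markup.

    widget_types=None scans every widget; use that for a broad sweep after a
    compromise rather than a check scoped to this one CVE.
    """
    findings = []
    for element in _walk(json.loads(elementor_data)):
        if element.get("elType") != "widget":
            continue
        wtype = element.get("widgetType")
        if widget_types is not None and wtype not in widget_types:
            continue
        for path, text in _strings(element.get("settings") or {}):
            match = XSS_MARKERS.search(text)
            if match:
                findings.append({"widget_id": element.get("id"), "widget_type": wtype,
                                 "setting": path, "marker": match.group(0), "value": text})
    return findings


# Constructed sample of one page's `_elementor_data`: a benign heading next to a
# post-navigation widget whose label and CSS-class settings carry payloads.
SAMPLE_ELEMENTOR_DATA = json.dumps([
    {"id": "a1", "elType": "section", "settings": {}, "elements": [
        {"id": "b2", "elType": "column", "settings": {"_column_size": 100}, "elements": [
            {"id": "c3", "elType": "widget", "widgetType": "heading",
             "settings": {"title": "Latest posts"}, "elements": []},
            {"id": "d4", "elType": "widget", "widgetType": "post-navigation",
             "settings": {"prev_label": "Previous",
                          "next_label": 'Next" onmouseover="alert(document.domain)',
                          "_css_classes": 'nav"><img src=x onerror=alert(1)>'},
             "elements": []},
        ]},
    ]},
])

if __name__ == "__main__":
    print("3.20.1 vulnerable:", is_vulnerable_version("3.20.1"))
    for hit in find_injected_settings(SAMPLE_ELEMENTOR_DATA):
        print(f"widget {hit['widget_id']} ({hit['widget_type']}) "
              f"setting {hit['setting']!r}: {hit['marker']!r}")
```

In a real sweep, feed the function the `meta_value` of every `wp_postmeta` row whose `meta_key` is `_elementor_data`, then check the post's revision history for which user saved the flagged value; with contributor-level accounts in scope, the author of the revision is the lead you want.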
Affected
2 ranges (both describe the same cut-off: versions up to and including 3.20.1 are affected, 3.20.2 is the fix)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elementor | website_builder | < 3.20.2 | 3.20.2 |
| elementor.com | elementor_website_builder_pro | <= 3.20.1 | — |
CVSS provenance
| Source | Score | Severity | Vector / note |
|---|---|---|---|
| NVD (v3.1) | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| CISA | 6.1 | MEDIUM | Score shown with the CISA KEV entry below, which is for CVE-2014-2120 (Cisco ASA), not for this CVE |
GHSA
GHSA-mfv7-6rh8-77p4 · ghsa_unreviewed · 2024-03-27 · CVE-2024-2120 [MEDIUM] · CWE-79
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CISA
Note: this KEV entry is for CVE-2014-2120, a 2014 Cisco ASA WebVPN cross-site scripting flaw. It is unrelated to the Elementor vulnerability (CVE-2024-2120) this page covers; do not read it as evidence that CVE-2024-2120 is known to be exploited.
Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
cisa · 2024-11-12 · CVSS 6.1 · CVE-2014-2120 [MEDIUM] · CWE-79
Vulnerability: Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
Affected: Cisco Adaptive Security Appliance (ASA)
Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CVE-2014-2120 ; https://nvd.nist.gov/vuln/detail/CVE-2014-2120
Remediation Due Date: 2024-12-03
Suricata
ET WEB_SPECIFIC_APPS Cisco ASA WebVPN Cross-Site Scripting (CVE-2014-2120)
suricata · 2024-11-19 · CVSS 6.1 · CVE-2014-2120 [MEDIUM]
This rule detects the Cisco ASA issue (CVE-2014-2120), not CVE-2024-2120. It matches a GET to the WebVPN logon page whose query string carries `reason=2` and a `username=` parameter followed by an event-handler attribute, a script/style injection, or an iframe tag. It only fires on decrypted traffic (tls_state TLSDecrypt), so a perimeter sensor without TLS interception will not see it.
```
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco ASA WebVPN Cross-Site Scripting (CVE-2014-2120)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/+CSCOE+/logon.html|3f|"; fast_pattern; content:"reason|3d|2"; content:"username|3d|"; pcre:"/^.*?(?:[\x20\x27\x22\x2f]on[a-z]+\x3d|(?:[^\x2f]s(?:cript[\x3a\x3e\x20\x2f]|tyle\x3d)|\x3ciframe[\x20\x2f]))/R"; reference:url,seclists.org/fulldisclosure/2016/Feb/82; reference:cve,2014-2120; classtype:web-application-attack; sid:2057723; rev:1; metadata:affected_product Cisco_ASA, attack_target Server, tls_state TLSDecrypt, created_at 2024_11_19, cve CVE_2014_2120, deployment Perimeter, deployment Internal, deployment SSLDec;)
```
Suricata
GPL FTP SITE CHOWN overflow attempt
suricata · 2010-09-23 · CVE-2001-0065
This rule covers CVE-2001-0065, a 2001 FTP server `SITE CHOWN` buffer overflow (Bugtraq ID 2120), and is unrelated to CVE-2024-2120. It fires on an established to-server FTP stream carrying `SITE CHOWN` followed by at least 100 bytes of argument.
```
alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP SITE CHOWN overflow attempt"; flow:established,to_server; content:"SITE"; nocase; content:"CHOWN"; distance:0; nocase; isdataat:100,relative; pcre:"/^SITE\s+CHOWN\s[^\n]{100}/smi"; reference:bugtraq,2120; reference:cve,2001-0065; classtype:attempted-admin; sid:2101562; rev:14; metadata:created_at 2010_09_23, cve CVE_2001_0065, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
```
No public exploits indexed.
No writeups or analysis indexed.
References
- https://elementor.com/pro/changelog/?utm_source=wp-plugins&utm_campaign=pro-changelog&utm_medium=wp-dash
- https://www.wordfence.com/threat-intel/vulnerabilities/id/de1742d4-f498-4ad4-b6a1-88cb60e83afc?source=cve
Published: 2024-03-27