CVE-2024-22300Cross-site Scripting in Email Subscribers Newsletters

CWE-79Cross-site Scripting3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.2%
top 57.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Icegram Email Subscribers Newsletters
Timeline
PublishedMar 27

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages1 packages

CVEListV5icegram/email_subscribers_newslettersn/a5.7.11

🔴Vulnerability Details

2
CVEList
WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability2024-03-27
GHSA
GHSA-4526-r3g2-c73j: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows R2024-03-27
CVE-2024-22300 — Cross-site Scripting | cvebase