CVE-2024-25599 — Cross-site Scripting in Seriously Simple Podcasting

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 40.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Castos Seriously Simple Podcasting Craig Hewitt Seriously Simple Podcasting

Timeline

PublishedMar 28

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting.This issue affects Seriously Simple Podcasting: from n/a through <= 3.0.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5craig_hewitt/seriously_simple_podcasting3.0.2

▶NVDcastos/seriously_simple_podcasting< 3.1.0

🔴Vulnerability Details

CVEList

WordPress Seriously Simple Podcasting plugin <= 3.0.2 - Reflected Cross Site Scripting (XSS) vulnerability↗2024-03-28

▶

GHSA

GHSA-f357-4jg5-3c72: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Castos Seriously Simple Podcasting allows Reflec↗2024-03-28

▶

VulnCheck

castos seriously_simple_podcasting Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')↗2024

▶