CVE-2024-3288: Cross-site Scripting in Logo Slider

Severity
5.4 MEDIUM (NVD)
EPSS
0.8%
top 26.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 7
Latest update: Aug 26

Description

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (1 package)

🔴 Vulnerability Details

2
CVEList
Logo Slider < 4.0.0 - Contributor+ Stored XSS (2024-06-07)
GHSA
GHSA-8jg8-869p-gv73: The Logo Slider WordPress plugin before 4 (2024-06-07)

📋 Vendor Advisories

1
Red Hat
kernel: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC (2024-08-26)