CVE-2024-35687

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 53.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ylefebvre Link Library Yannick Lefebvre Link Library

Timeline

PublishedJun 8

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages2 packages

▶CVEListV5yannick_lefebvre/link_libraryn/a — 7.6.3

▶NVDylefebvre/link_library< 7.6.4

🔴Vulnerability Details

CVEList

WordPress Link Library plugin <= 7.6.3 - Reflected Cross-Site Scripting (XSS) vulnerability↗2024-06-08

▶

GHSA

GHSA-jmx6-85w7-8gpc: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-librar↗2024-06-08

▶