CVE-2024-37437

CWE-79 — Cross-site Scripting (XSS)CWE-22 — Path Traversal3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.7%

top 28.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elementor Website Builder Elementor Elementor Website Builder

Timeline

PublishedJul 9

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor.This issue affects Elementor Website Builder: from n/a through <= 3.22.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDelementor/website_builder< 3.22.2

▶CVEListV5elementor/elementor_website_builder3.22.1

🔴Vulnerability Details

CVEList

WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability↗2024-07-09

▶

GHSA

GHSA-jxrx-x83g-j3m2: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site↗2024-07-09

▶