CVE-2024-37489 — Cross-site Scripting in Ocean Extra

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA6.5

EPSS

0.1%

top 65.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oceanwp Ocean Extra

Timeline

PublishedJul 21

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.2.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDoceanwp/ocean_extra< 2.3.0

▶CVEListV5oceanwp/ocean_extran/a — 2.2.9

🔴Vulnerability Details

GHSA

GHSA-pqrj-2638-m882: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS↗2024-07-21

▶

CVEList

WordPress Ocean Extra plugin <= 2.2.9 - Authenticated Cross Site Scripting (XSS) vulnerability↗2024-07-21

▶