CVE-2024-39643 — Cross-site Scripting in Registrationmagic

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA5.8

EPSS

0.3%

top 43.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Metagauss Registrationmagic Registrationmagic Forms Registrationmagic

Timeline

PublishedAug 1

Latest updateAug 2

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5registrationmagic_forms/registrationmagicn/a — 6.0.0.1

▶NVDmetagauss/registrationmagic< 6.0.0.2

🔴Vulnerability Details

GHSA

GHSA-f97v-4q2m-vp42: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic↗2024-08-02

▶

CVEList

WordPress RegistrationMagic plugin <= 6.0.0.1 - Cross Site Scripting (XSS) vulnerability↗2024-08-01

▶