CVE-2024-5032Cross-site Scripting in Sully

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.7MEDIUMNVD
EPSS
0.2%
top 59.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Toolstack Sully
Timeline
PublishedJul 13

Description

The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDtoolstack/sully< 4.3.1

🔴Vulnerability Details

2
GHSA
GHSA-g345-r3xq-7xxq: The SULly WordPress plugin before 42024-07-13
CVEList
SULly < 4.3.1 - Reflected XSS2024-07-13
CVE-2024-5032 — Cross-site Scripting in Toolstack Sully | cvebase