CVE-2024-5429 — Cross-site Scripting in Logo Slider

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

7.6HIGHNVD

EPSS

0.4%

top 37.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Logichunt Logo Slider

Timeline

PublishedOct 17

Description

The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:LExploitability: 2.8 | Impact: 4.7

Affected Packages1 packages

▶NVDlogichunt/logo_slider< 4.1.0

🔴Vulnerability Details

CVEList

Logo Slider < 4.1.0 - Contributor+ Stored XSS↗2024-10-17

▶

GHSA

GHSA-v4cx-r43j-pwh7: The Logo Slider WordPress plugin before 4↗2024-10-17

▶