CVE-2024-6026Cross-site Scripting in Slider

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.5%
top 33.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
10web Slider
Timeline
PublishedJul 11

Description

The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVD10web/slider< 1.2.56

🔴Vulnerability Details

2
GHSA
GHSA-qqv3-hj3c-mx96: The Slider by 10Web WordPress plugin before 12024-07-11
CVEList
Slider by 10Web < 1.2.56 - Editor+ Stored XSS2024-07-11
CVE-2024-6026 — Cross-site Scripting in 10web Slider | cvebase