CVE-2024-8284Cross-site Scripting in Download Manager

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.1%
top 66.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
W3eden Download Manager
Timeline
PublishedMay 15

Description

The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5c34-m5vc-78j5: The Download Manager WordPress plugin before 32025-05-15
CVEList
Download Manager <= 3.2.98 - Admin+ Stored XSS2025-05-15
CVE-2024-8284 — Cross-site Scripting | cvebase