A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes.
References
Link | Resource |
---|---|
https://wordpress.org/plugins/elementor/#developers | Product Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-09-16 20:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-20406
Mitre link : CVE-2020-20406
CVE.ORG link : CVE-2020-20406
JSON object : View
Products Affected
elementor
- elementor_page_builder
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')