CVE-2020-20406

A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes.
References
Link Resource
https://wordpress.org/plugins/elementor/#developers Product Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:elementor:elementor_page_builder:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2020-09-16 20:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-20406

Mitre link : CVE-2020-20406

CVE.ORG link : CVE-2020-20406


JSON object : View

Products Affected

elementor

  • elementor_page_builder
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')