CVE-2024-5799

The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:cminds:cm_popup:*:*:*:*:*:wordpress:*:*

History

26 Sep 2024, 20:39

Type Values Removed Values Added
CPE cpe:2.3:a:cminds:cm_popup:*:*:*:*:*:wordpress:*:*
CWE CWE-79
First Time Cminds cm Popup
Cminds
References () https://wpscan.com/vulnerability/3ee3023a-541c-40e6-8d62-24b4b110633c/ - () https://wpscan.com/vulnerability/3ee3023a-541c-40e6-8d62-24b4b110633c/ - Exploit, Third Party Advisory

12 Sep 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8

12 Sep 2024, 12:35

Type Values Removed Values Added
Summary
  • (es) El complemento CM Pop-Up Banners para WordPress anterior a la versión 1.7.3 no desinfecta ni escapa de algunos de sus campos emergentes, lo que podría permitir que usuarios con altos privilegios como los colaboradores realicen ataques de cross site scripting.

12 Sep 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-12 06:15

Updated : 2024-09-26 20:39


NVD link : CVE-2024-5799

Mitre link : CVE-2024-5799

CVE.ORG link : CVE-2024-5799


JSON object : View

Products Affected

cminds

  • cm_popup
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')