CVE-2024-6408

The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Configurations

No configuration.

History

01 Aug 2024, 14:00

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

31 Jul 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) El complemento Slider by 10Web WordPress anterior a 1.2.57 no sanitiza ni escapa a su título de control deslizante, lo que podría permitir a usuarios con altos privilegios, como editores y superiores, realizar ataques de cross site scripting incluso cuando unfiltered_html no está permitido.

31 Jul 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-31 06:15

Updated : 2024-08-01 14:00


NVD link : CVE-2024-6408

Mitre link : CVE-2024-6408

CVE.ORG link : CVE-2024-6408


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')