The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/02796da0-218d-4cbb-98ca-49eeea83cac5/ | Exploit Third Party Advisory |
Configurations
History
07 Oct 2024, 15:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/02796da0-218d-4cbb-98ca-49eeea83cac5/ - Exploit, Third Party Advisory | |
First Time |
Squirrly starbox
Squirrly |
|
CWE | CWE-79 | |
CPE | cpe:2.3:a:squirrly:starbox:*:*:*:*:*:wordpress:*:* |
01 Oct 2024, 14:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
30 Sep 2024, 12:45
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Sep 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-30 06:15
Updated : 2024-10-07 15:48
NVD link : CVE-2024-8239
Mitre link : CVE-2024-8239
CVE.ORG link : CVE-2024-8239
JSON object : View
Products Affected
squirrly
- starbox
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')