← Volver a CVEs

CVE-2024-7127

MEDIUM

6.1

Descripcion

Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthorised acquisition of information (e.g. cookies from a logged-in user). After multiple attempts to contact the vendor we did not receive any answer. Our team has confirmed the existence of this vulnerability. We suppose this issue affects Social Marketing Tool in all versions.

Detalles CVE

Puntuacion CVSS v3.16.1

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado7/30/2024

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

stackposts:social_marketing_tool

Debilidades (CWE)

CWE-79CWE-79

Referencias

https://cert.pl/en/posts/2024/07/CVE-2024-7127/(cvd@cert.pl)

https://cert.pl/posts/2024/07/CVE-2024-7127/(cvd@cert.pl)

https://codecanyon.net/comments/30802802(cvd@cert.pl)

https://stackposts.com/product/stackposts-social-marketing-tool-1(cvd@cert.pl)

https://cert.pl/en/posts/2024/07/CVE-2024-7127/(af854a3a-2127-422b-91ae-364da2661108)

https://cert.pl/posts/2024/07/CVE-2024-7127/(af854a3a-2127-422b-91ae-364da2661108)

https://codecanyon.net/comments/30802802(af854a3a-2127-422b-91ae-364da2661108)

https://stackposts.com/product/stackposts-social-marketing-tool-1(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.