CVE-2024-7127
MEDIUM 6.1
Description
Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthorised acquisition of information (e.g. cookies from a logged-in user). After multiple attempts to contact the vendor we did not receive any answer. Our team has confirmed the existence of this vulnerability. We suppose this issue affects Social Marketing Tool in all versions.
CVE Details
CVSS v3.1 Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Published: 7/30/2024
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
stackposts:social_marketing_tool
Weaknesses (CWE)
CWE-79
References
https://cert.pl/en/posts/2024/07/CVE-2024-7127/ (cvd@cert.pl)
https://cert.pl/posts/2024/07/CVE-2024-7127/ (cvd@cert.pl)
https://codecanyon.net/comments/30802802 (cvd@cert.pl)
https://cert.pl/en/posts/2024/07/CVE-2024-7127/ (af854a3a-2127-422b-91ae-364da2661108)
https://cert.pl/posts/2024/07/CVE-2024-7127/ (af854a3a-2127-422b-91ae-364da2661108)
https://codecanyon.net/comments/30802802 (af854a3a-2127-422b-91ae-364da2661108)
https://stackposts.com/product/stackposts-social-marketing-tool-1 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.