XSS Vulnerability in Chamber Dashboard Business Directory Plugin for WordPress
CVE-2020-24699

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Chamber Dashboard Business Directory
Vendor: CVE Published:; 31 August 2020

Summary

The Chamber Dashboard Business Directory plugin version 3.2.8 for WordPress is susceptible to a Cross-Site Scripting (XSS) vulnerability, allowing attackers to inject malicious scripts into user inputs. This vulnerability can potentially be exploited to execute arbitrary JavaScript code in the context of authenticated users, compromising the integrity and confidentiality of user data. Website owners are advised to update the plugin to the latest version and implement stringent input validation to mitigate the risk of XSS attacks.

References

https://wordpress.org/plugins/chamber-dashboard-business-...

x_refsource_MISC

https://l0l.xyz/sec/2020/08/31/1-wordpress-crm-xss.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 31, 2020
Vulnerability Reserved
Aug 27, 2020