Stored XSS Vulnerability in GD Rating System
CVE-2024-25093
6.1 MEDIUM
Summary
The GD Rating System developed by Milan Petrovic is vulnerable to stored cross-site scripting (XSS) caused by improper neutralization of input during web page generation. The issue affects all versions through 3.5. An attacker can inject malicious scripts that are stored by the application and later executed in a user's browser, compromising the security and integrity of the application and potentially leading to data theft and unauthorized actions performed on behalf of legitimate users.
Affected Version(s)
GD Rating System <= 3.5
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Joshua Chan (Patchstack Alliance)