Reflected XSS Vulnerability in Action Network
CVE-2024-25921

7.1HIGH

Key Information:

Vendor: WordPress
Status: Action Network
Vendor: CVE Published:; 15 March 2024

What is CVE-2024-25921?

A reflected Cross-site Scripting (XSS) vulnerability exists in the Action Network application developed by Concerted Action. This vulnerability results from improper neutralization of input during web page generation, allowing attackers to inject malicious scripts into web pages viewed by users. As a result, when a user accesses an affected version of Action Network, attackers can execute arbitrary scripts in the context of the user's session, potentially compromising sensitive information and user interactions. The vulnerability affects all versions from n/a up to 1.4.2, underscoring the need for immediate attention and remediation.

Affected Version(s)

Action Network <= 1.4.2

References

https://patchstack.com/database/vulnerability/wp-action-n...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2024
Vulnerability Reserved
Feb 12, 2024

Credit

Mika (Patchstack Alliance)