Cross-site Scripting (XSS) Vulnerability in Cornerstone
CVE-2024-28002
7.1HIGH
What is CVE-2024-28002?
The identified vulnerability in Archetyped's Cornerstone plugin pertains to improper neutralization of input during web page generation, enabling a reflected Cross-site Scripting (XSS) attack. This vulnerability may allow an attacker to inject malicious scripts into web pages viewed by users. Those using Cornerstone versions from n/a up to 0.8.0 are at risk, as the vulnerability permits an attacker to execute arbitrary JavaScript in the context of a user’s web session. Proper input validation and sanitization measures must be implemented to mitigate this risk.
Affected Version(s)
Cornerstone <= 0.8.0