Stored XSS Vulnerability in Z Y N I T H
CVE-2024-32562

8.6HIGH

Key Information:

Vendor: WordPress
Status: Z Y N I T H
Vendor: CVE Published:; 18 April 2024

Summary

The vulnerability identified in VIICTORY MEDIA LLC's Z Y N I T H software stems from an improper neutralization of input during web page generation, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. This affects versions of the product starting from an unspecified point up to and including version 7.4.9. This issue allows attackers to inject malicious scripts into pages viewed by users, which can lead to unauthorized actions being performed on behalf of the affected user, exposing sensitive data and compromising user integrity.

Affected Version(s)

Z Y N I T H <= 7.4.9

References

https://patchstack.com/database/vulnerability/zynith-seo/...

vdb-entry

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2024

Credit

Dave Jong (Patchstack)