Cross Site Scripting Vulnerability in LyLme_spage
CVE-2024-36674

6.1MEDIUM

Key Information:

Vendor: LyLme
Vendor: CVE Published:; 3 June 2024

Summary

The LyLme_spage version 1.9.5 contains a Cross Site Scripting (XSS) vulnerability accessible through the admin/link.php endpoint. This flaw allows attackers to inject malicious scripts into web pages viewed by unsuspecting users, compromising the integrity and confidentiality of user data. Implementing proper validation and sanitization measures is essential to mitigate the risks associated with this vulnerability and secure the application against exploitation.

References

https://github.com/LyLme/lylme_spage/issues/91

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 3, 2024