Stored Cross-Site Scripting Vulnerability in Agency Dominion Fusion
CVE-2024-37962

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Fusion
Vendor: CVE Published:; 19 December 2024

Summary

CVE-2024-37962 is a critical Stored Cross-Site Scripting (XSS) vulnerability found in the Agency Dominion Fusion web application. This vulnerability allows attackers to inject malicious scripts into web pages, potentially leading to unauthorized access to sensitive user data and session hijacking. The issue affects Fusion versions ranging from an unspecified number up to 1.6.1. It represents a significant security flaw that could be exploited by attackers to compromise the integrity of affected web applications.

Affected Version(s)

Fusion <= 1.6.1

References

https://patchstack.com/database/wordpress/plugin/fusion/v...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 19, 2024
Vulnerability Reserved
Jun 10, 2024

Credit

emad (Patchstack Alliance)

savphill (Patchstack Alliance)