Reflected XSS Vulnerability in Link Library
CVE-2024-38711

6.1 MEDIUM

Key Information:

Vendor
WordPress
CVE Published:
20 July 2024

Summary

A reflected Cross-Site Scripting (XSS) vulnerability exists in Link Library, developed by Yannick Lefebvre, resulting from improper neutralization of input during web page generation. An attacker can craft a malicious URL that, when accessed by a user, executes arbitrary JavaScript code within the context of that user's session, which can lead to unauthorized actions or data theft. The issue affects Link Library versions up to and including 7.7.1, so users need to update their installations to mitigate potential risks. For validation and further information, consult the official vulnerability database.

Affected Version(s)

Link Library <= 7.7.1

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

LVT-tholv2k (Patchstack Alliance)