AndonDesign UDesign vulnerable to Cross-site Scripting (XSS)
CVE-2024-4077

7.1HIGH

Key Information:

Vendor: WordPress
Status: Udesign
Vendor: CVE Published:; 25 April 2024

Summary

A reflected Cross-site Scripting (XSS) vulnerability exists in the AndonDesign UDesign theme. This vulnerability arises from improper neutralization of input during web page generation, allowing an attacker to inject malicious scripts into a web page. When unsuspecting users access the compromised page, the injected scripts are executed in their browser, which can lead to data theft, session hijacking, or other malicious actions. This issue affects UDesign versions from n/a through 4.7.3 and poses a significant risk to the integrity of web applications utilizing this theme.

Affected Version(s)

UDesign <= 4.7.3

References

https://patchstack.com/database/vulnerability/u-design/wo...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 25, 2024
Vulnerability Reserved
Apr 23, 2024

Credit

Rafie Muhammad (Patchstack)