WordPress ParcelPanel plugin <= 4.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43163
7.1HIGH
What is CVE-2024-43163?
The vulnerability involves improper neutralization of input during the generation of web pages, leading to a reflected cross-site scripting (XSS) issue in Parcel Panel. Attackers can exploit this vulnerability to inject malicious scripts into web pages viewed by users. This could allow unauthorized actions to be performed on behalf of unsuspecting users, potentially compromising sensitive information or the security of user accounts. The affected version of ParcelPanel is up to 4.3.2.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
ParcelPanel <= 4.3.2
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Credit
Le Ngoc Anh (Patchstack Alliance)