Reflected XSS Vulnerability in Chartify
CVE-2024-47347

7.1HIGH

Key Information:

Vendor: WordPress
Status: Chartify
Vendor: CVE Published:; 6 October 2024

Summary

An improper neutralization of input during web page generation has been identified in Chartify, a product by Chart Builder Team. This vulnerability allows for reflected cross-site scripting (XSS), which can lead to unauthorized script execution in users' browsers. Attackers may exploit this flaw by crafting malicious links that, when accessed, inject harmful scripts into web pages viewed by unsuspecting users. The issue is present in versions of Chartify from n/a to 2.7.6, posing a risk to the integrity of user sessions and potentially compromising sensitive information.

Affected Version(s)

Chartify <= 2.7.6

References

https://patchstack.com/database/vulnerability/chart-build...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 6, 2024
Vulnerability Reserved
Sep 24, 2024

Credit

Le Ngoc Anh (Patchstack Alliance)