Reflected Cross-Site Scripting (XSS) Vulnerability in Restaurant Reservations Widget
CVE-2024-48023

7.1HIGH

Key Information:

Vendor: WordPress
Status: Restaurant Reservations Widget
Vendor: CVE Published:; 17 October 2024

Summary

A Cross-site Scripting (XSS) vulnerability exists in the Restaurant Reservations Widget developed by RestaurantConnect, Inc. This flaw allows malicious actors to inject scripts into web pages viewed by users. When users interact with the compromised widget, they may unwittingly execute malicious scripts that can hijack session cookies or redirect them to phishing sites. The vulnerability primarily affects versions from n/a through 1.0, indicating that any installations of the widget in these versions are susceptible to this security weakness. Proper input validation measures are crucial to mitigate the risks associated with this vulnerability.

Affected Version(s)

Restaurant Reservations Widget <= 1.0

References

https://patchstack.com/database/vulnerability/restaurantc...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Oct 8, 2024

Credit

Mika (Patchstack Alliance)