CM Tooltip Glossary Vulnerable to Stored XSS
CVE-2024-48041
6.5MEDIUM
Summary
The CM Tooltip Glossary plugin by CreativeMindsSolutions is susceptible to a Stored Cross-site Scripting (XSS) vulnerability, which arises from improper neutralization of user input during web page generation. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access to sensitive information and data manipulation. Affected versions include all versions prior to 4.3.9, posing a significant risk to websites utilizing this plugin. Website administrators are urged to evaluate their installations and apply appropriate security measures to mitigate the risk associated with this vulnerability.
Affected Version(s)
CM Tooltip Glossary <= 4.3.9
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Robert DeVore (Patchstack Alliance)