TRe Technology And Research S.R.L - HQ60 Fidelity Card: Reflected XSS Vulnerability
CVE-2024-51713
7.1 HIGH
Summary
The HQ60 Fidelity Card, developed by TRe Technology And Research S.R.L, does not properly neutralize user input during web page generation, which results in a reflected cross-site scripting (XSS) vulnerability. The flaw allows attackers to inject malicious scripts into web pages that are rendered in users' browsers, potentially compromising sensitive information and security. It affects all versions of the HQ60 Fidelity Card from an undisclosed initial release through version 1.8. Mitigation is needed to protect user data and maintain application integrity.
Affected Version(s)
HQ60 Fidelity Card <= 1.8
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SOPROBRO (Patchstack Alliance)