FormFacade vulnerable to Cross-site Scripting (XSS)
CVE-2024-54301
7.1HIGH
Summary
The vulnerability arises from improper neutralization of input during web page generation, leading to a reflected cross-site scripting (XSS) issue in FormFacade. This can allow attackers to inject malicious scripts into web pages viewed by users. Users interacting with affected versions may unknowingly execute harmful scripts, potentially compromising sensitive information and user sessions.
Affected Version(s)
FormFacade <= 1.3.6
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
thiennv (Patchstack Alliance)