Cross-site Scripting Vulnerability in Themify Audio Dock by Themify
CVE-2024-56239
6.5MEDIUM
Summary
A vulnerability identified in Themify Audio Dock permits stored cross-site scripting (XSS) attacks due to improper neutralization of user input during web page generation. This flaw can allow an attacker to inject malicious scripts into web pages viewed by users, potentially compromising sensitive user data and leading to unwanted actions on behalf of users. The vulnerability affects all versions of Themify Audio Dock up to 2.0.4, making it critical for users of the product to apply necessary security measures to mitigate associated risks.
Affected Version(s)
Themify Audio Dock <= 2.0.4
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SOPROBRO (Patchstack Alliance)