Cross-Site Scripting Vulnerability in CoolPlugins Coins MarketCap
CVE-2024-56257
6.5MEDIUM
Summary
A vulnerability exists in CoolPlugins Coins MarketCap due to improper neutralization of user input during web page generation. This flaw opens the door to DOM-based cross-site scripting (XSS) attacks, enabling malicious actors to inject executable scripts into web pages viewed by users. Such vulnerabilities can compromise user data, manipulate site functionality, and escalate security risks. Affected versions include Coins MarketCap from n/a to 5.5.8. Website administrators are advised to implement the necessary updates to mitigate the effects of this vulnerability.
Affected Version(s)
Coins MarketCap <= 5.5.8
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc / truonghuuphuc (Patchstack Alliance)