Reflected Cross-site Scripting Vulnerability in Eniture Technology Distance Based Shipping Calculator
CVE-2024-56301
7.1HIGH
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 13 January 2025
Summary
A reflected Cross-site Scripting (XSS) vulnerability exists in the Distance Based Shipping Calculator developed by Eniture Technology. This flaw arises from improper neutralization of user inputs during web page generation, potentially allowing attackers to inject malicious scripts into the application. Successful exploitation could enable unauthorized redirection of users or theft of sensitive information. The vulnerable versions include all releases up to 2.0.21, necessitating immediate attention for users to ensure their sites remain secure.
Affected Version(s)
Distance Based Shipping Calculator <= 2.0.21
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
LVT-tholv2k (Patchstack Alliance)