Gutentor < 3.3.6 Contributor+ Stored XSS Vulnerability (CVE-2024-5417)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Plugin Name: Gutentor < 3.3.6 2. Vulnerability Type: Contributor+ Stored XSS 3. Description: The plugin does not properly validate or escape block options output, allowing users with Contributor or higher roles to execute stored cross-site scripting attacks. 4. Code Example: Plugin code example demonstrating how to insert code in code editing mode to trigger XSS. 5. Affected Plugin: Gutentor 6. References: - CVE ID: CVE-2024-5417 - URL: https://research.cleantalk.org/cve-2024-5417/ 7. Classification: - Type: XSS - OWASP Top 10: A7: Cross-Site Scripting (XSS) - CWE ID: CWE-79 8. Additional Information: - Original Researcher: Dmitrii Ignatyev - Submitter: Dmitrii Ignatyev - Submitter Website: https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/ - Verified: Yes - WPVDB ID: fb7d6839-9ccb-4a0f-9dca-d6841f666a1b - Published Date: 2024-08-08 - Added Date: 2024-08-08 - Last Updated Date: 2024-08-08 - Related Vulnerabilities: - Target First Plugin 2.0 - Unauthenticated Stored XSS via Licence Key - EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter - Multisite Content Copier/Updater < 2.1.0 - Reflected Cross-Site Scripting - Gradient Text Widget for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting - SupportCandy < 2.2.7 - Reflected Cross-Site Scripting This information provides a detailed description and contextual background regarding the Contributor+ Stored XSS vulnerability in the Gutentor < 3.3.6 plugin.

Goal Reached Thanks to every supporter — we hit 100%!

Gutentor < 3.3.6 Contributor+ Stored XSS Vulnerability (CVE-2024-5417)

More from this source