What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Build allows Stored XSS.This issue affects Build: from n/a through 1.0.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Build allows Stored XSS.This issue affects Build: from n/a through 1.0.3.
Explanation of Vulnerability in Simple Terms
A cross-site scripting (XSS) vulnerability in Build versions up to 1.0.3 allows an authenticated user to inject malicious scripts that execute in other users' browsers. The vulnerability requires user interaction—typically clicking a malicious link—and can affect other users on the site. Patch to a version newer than 1.0.3.
What an attacker can do
Inject malicious scripts that run in other users' browsers, potentially stealing session tokens or performing actions on their behalf.
Potential impact on your site
Users' accounts and data are at risk if they interact with attacker-controlled content; session hijacking or unauthorized actions are possible.
Conditions required to exploit
Attacker must have a low-privilege account and trick a user into clicking a malicious link or visiting a crafted page.
Key dates
External resources