CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5.
Explanation of Vulnerability in Simple Terms
CountDown With Image or Video Background versions 1.5 and earlier contain a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in visitors' browsers when they view an affected page. The vulnerability requires user interaction—typically a victim clicking a malicious link—and can affect other users on the site. Update to a version newer than 1.5.
What an attacker can do
Inject malicious scripts that run in visitors' browsers and steal session cookies or redirect users.
Potential impact on your site
Visitors' browsers can be compromised; attackers may steal login tokens or deface content seen by users.
Conditions required to exploit
No authentication required. Victim must click a malicious link or visit a crafted page.
Key dates
External resources
Related vulnerabilities
