CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1.
Explanation of Vulnerability in Simple Terms
JetElements For Elementor versions up to 2.7.4.1 contain a stored cross-site scripting (XSS) vulnerability. An authenticated user with low privileges can inject malicious scripts that execute in the browsers of other site visitors, including administrators. The vulnerability requires user interaction—typically a victim clicking a link or visiting a page containing the injected payload. This can lead to account compromise, data theft, or unauthorized site modifications.
What an attacker can do
Inject malicious scripts that run in other users' browsers, potentially stealing credentials or modifying site content.
Potential impact on your site
Authenticated users can inject scripts affecting other visitors and admins; risk of account takeover and unauthorized changes.
Conditions required to exploit
Attacker must have a low-privilege user account; victim must visit a page containing the injected payload.
Key dates
External resources
Related vulnerabilities
