What the vulnerability does
01Description
Missing Authorization vulnerability in dastan800 Visual Builder visual-builder allows Reflected XSS.This issue affects Visual Builder: from n/a through <= 1.2.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in dastan800 Visual Builder visual-builder allows Reflected XSS.This issue affects Visual Builder: from n/a through <= 1.2.2.
Explanation of Vulnerability in Simple Terms
Visual Builder versions up to 1.2.2 lack proper authorization checks, allowing an attacker to perform unauthorized actions if a user visits a malicious link. The vulnerability affects confidentiality, integrity, and availability of the site. Update to a version newer than 1.2.2 to remediate.
What an attacker can do
Perform unauthorized actions on the site by tricking a user into visiting a malicious link.
Potential impact on your site
An attacker can modify site content, access sensitive data, or disrupt site functionality via social engineering.
Conditions required to exploit
User must click a link or visit a page controlled by the attacker; no authentication required.
Key dates
External resources