CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon goal-tracker-for-patreon allows Stored XSS.This issue affects Goal Tracker for Patreon: from n/a through <= 0.4.6.
Explanation of Vulnerability in Simple Terms
Goal Tracker for Patreon versions 0.4.6 and earlier contain a cross-site scripting (XSS) vulnerability. An authenticated user with high privileges can inject malicious scripts that execute in other users' browsers when they visit affected pages. The vulnerability requires user interaction and can affect the confidentiality, integrity, and availability of the application.
What an attacker can do
Inject malicious scripts that run in other users' browsers to steal data, modify content, or disrupt the application.
Potential impact on your site
Patreon creators using this tracker may have their data compromised or modified by malicious administrators or high-privilege users.
Conditions required to exploit
Attacker must have high-level authentication privileges and the victim must visit a page containing the injected payload.
Key dates
External resources
Related vulnerabilities
