CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic_carousel allows Reflected XSS.This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through <= 1.6.
Explanation of Vulnerability in Simple Terms
Magic Responsive Slider and Carousel versions 1.6 and earlier contain a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in visitors' browsers when they view pages containing the slider. The vulnerability requires user interaction and can affect other users on the site. Update the plugin immediately to a version newer than 1.6.
What an attacker can do
Inject malicious scripts that run in visitors' browsers and steal session data or perform actions on their behalf.
Potential impact on your site
Visitors' browsers can be compromised; attackers may steal credentials, inject malware, or deface content.
Conditions required to exploit
Attacker needs network access; victim must visit a page with the vulnerable slider component.
Key dates
External resources
Related vulnerabilities
