What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting wp-voting allows Reflected XSS.This issue affects WP Voting: from n/a through <= 1.8.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting wp-voting allows Reflected XSS.This issue affects WP Voting: from n/a through <= 1.8.
Explanation of Vulnerability in Simple Terms
WP Voting versions 1.8 and earlier contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into the site. An attacker can craft a malicious link or page that, when visited by a site user, executes arbitrary JavaScript in the victim's browser. This can lead to session hijacking, credential theft, or defacement.
What an attacker can do
Inject and execute malicious JavaScript in a user's browser to steal session cookies or credentials.
Potential impact on your site
Site users' accounts and data are at risk if they interact with attacker-controlled content while logged in.
Conditions required to exploit
Attacker must trick a site user into clicking a malicious link or visiting a compromised page.
Key dates
External resources