What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.This issue affects Advanced scrollbar: from n/a through <= 1.1.8.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.This issue affects Advanced scrollbar: from n/a through <= 1.1.8.
Explanation of Vulnerability in Simple Terms
Advanced Scrollbar versions 1.1.8 and earlier contain a privilege escalation vulnerability. An authenticated user with low privileges can read sensitive data, modify site content, or disrupt service. The vulnerability requires network access and valid login credentials but no additional user interaction. Update to a version newer than 1.1.8 immediately.
What an attacker can do
Read sensitive data, modify content, or disrupt service with a low-privilege account.
Potential impact on your site
Authenticated users can escalate privileges to read/modify data or disable the site.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the site.
Key dates
External resources