CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codefish Pinterest Pinboard Widget pinterest-pinboard-widget allows Stored XSS.This issue affects Pinterest Pinboard Widget: from n/a through <= 1.0.7.
Explanation of Vulnerability in Simple Terms
The Pinterest Pinboard Widget for codefish contains a cross-site scripting (XSS) vulnerability in versions up to 1.0.7. An authenticated user can inject malicious scripts that execute in other users' browsers when they view affected pages. The vulnerability requires user interaction and can affect confidentiality, integrity, and availability across the site.
What an attacker can do
Inject malicious scripts that run in other users' browsers to steal data, modify content, or perform actions on their behalf.
Potential impact on your site
Authenticated users can inject scripts affecting other visitors; attackers may steal credentials, deface content, or compromise user sessions.
Conditions required to exploit
Attacker must have a low-privilege account and trick a user into visiting a page containing the malicious payload.
Key dates
External resources
Related vulnerabilities
