What the vulnerability does
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chtombleson Mobi2Go mobi2go allows Stored XSS. This issue affects Mobi2Go: from n/a through <= 1.0.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Mobi2Go versions up to 1.0.0 contain a cross-site scripting (XSS) vulnerability that allows an authenticated administrator to inject malicious scripts. The vulnerability requires user interaction—typically a victim visiting a crafted page—and can affect other users' sessions and data. The impact is limited to low-severity confidentiality, integrity, and availability breaches.
What an attacker can do
Inject malicious scripts that execute in other users' browsers when they visit affected pages.
Potential impact on your site
A compromised admin account can inject scripts affecting other users' sessions, data, or site functionality.
Conditions required to exploit
Attacker must have high-level privileges (administrator access) and the victim must visit a page containing the malicious payload.