CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CodeUs Ultimate Client Dash ulimate-client-dash allows Stored XSS.This issue affects Ultimate Client Dash: from n/a through <= 4.7.
Explanation of Vulnerability in Simple Terms
Ultimate Client Dash versions 4.7 and earlier contain a cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts. An attacker with high-level privileges can craft a request that, when a user visits an affected page, executes arbitrary JavaScript in their browser. This can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim.
What an attacker can do
Inject and execute malicious JavaScript in users' browsers to steal sessions or perform unauthorized actions.
Potential impact on your site
Administrators' accounts could be compromised if they visit a malicious link, potentially leading to site takeover or data theft.
Conditions required to exploit
Attacker must have administrator-level access and the victim must visit a page containing the injected payload.
Key dates
External resources
Related vulnerabilities
