CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through <= 2.7.3.
Explanation of Vulnerability in Simple Terms
A cross-site scripting (XSS) vulnerability in Faraz SMS Professional Plugin versions up to 2.7.3 allows an attacker to inject malicious scripts that execute in users' browsers. The vulnerability requires user interaction, such as clicking a malicious link. An attacker can steal session cookies, redirect users, or perform actions on their behalf within the site.
What an attacker can do
Inject malicious scripts that run in users' browsers to steal data or perform unauthorized actions.
Potential impact on your site
Site visitors can be compromised; attackers may steal admin sessions or modify site content via victim browsers.
Conditions required to exploit
No authentication required. Victim must click a malicious link or visit an attacker-controlled page.
Key dates
External resources
Related vulnerabilities
