What the vulnerability does
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through <= 2.2.12.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
JetTabs versions 2.2.12 and earlier contain a stored cross-site scripting (XSS) vulnerability. An authenticated user with low privileges can inject malicious scripts that execute in the browsers of other site visitors, including administrators. The vulnerability requires user interaction to trigger. Attackers can steal session tokens, modify page content, or perform actions on behalf of affected users.
What an attacker can do
Inject malicious scripts that run in other users' browsers and steal their session data or perform actions as them.
Potential impact on your site
Authenticated attackers can compromise admin accounts and other users through stored XSS, potentially leading to site takeover.
Conditions required to exploit
Attacker must have a low-privilege user account and the victim must visit a page containing the injected payload.