What the vulnerability does
01Description
Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics <= 1.3.03.27 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics <= 1.3.03.27 versions.
Explanation of Vulnerability in Simple Terms
Eli's WordCents adSense Widget with Analytics versions up to 1.3.03.27 contain a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in visitors' browsers when they view pages containing the widget. The vulnerability requires user interaction and can affect multiple users across the site. Update to a version newer than 1.3.03.27 to resolve this issue.
What an attacker can do
Inject malicious scripts that run in visitors' browsers when they view affected pages.
Potential impact on your site
Visitors' browsers can be compromised; their session cookies, form data, or credentials may be stolen.
Conditions required to exploit
Visitor must view a page containing the vulnerable widget; attacker needs network access to inject the payload.
Key dates
External resources
Related vulnerabilities