CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Inboxify Inboxify Sign Up Form inboxify-sign-up-form allows Stored XSS.This issue affects Inboxify Sign Up Form: from n/a through <= 1.0.4.
Explanation of Vulnerability in Simple Terms
Inboxify Sign Up Form versions 1.0.4 and earlier contain a cross-site scripting (XSS) vulnerability. An authenticated user with high privileges can inject malicious scripts that execute in other users' browsers when they interact with the form. The vulnerability requires user interaction to trigger. Affected sites should update to a version newer than 1.0.4.
What an attacker can do
Inject malicious scripts that run in other users' browsers when they view or interact with the form.
Potential impact on your site
An admin could inject scripts affecting other users' sessions, potentially stealing data or performing unauthorized actions on their behalf.
Conditions required to exploit
Attacker must have high-level admin privileges and the victim must click a link or visit a page containing the malicious payload.
Key dates
External resources
Related vulnerabilities
