What the vulnerability does
Description
Unauthenticated cross-site scripting (XSS) in Automotive Listings versions <= 18.6.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Automotive Listings versions 18.6 and earlier contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into the application. An attacker can craft a malicious link or page that, when visited by a site user, executes arbitrary JavaScript in the victim's browser. This can lead to session hijacking, credential theft, or defacement.
What an attacker can do
Inject and execute malicious JavaScript in a user's browser to steal session tokens, credentials, or deface content.
Potential impact on your site
Site visitors can be compromised: their sessions can be hijacked or their credentials stolen if they interact with attacker-controlled content.
Conditions required to exploit
Attacker must trick a site user into clicking a malicious link or visiting a compromised page (user interaction required).