What the vulnerability does
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget Options widget-options allows Code Injection. This issue affects Widget Options: from n/a through <= 4.1.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Widget Options versions 4.1.3 and earlier contain a code injection vulnerability that allows authenticated users to inject and execute arbitrary code on the site. The vulnerability requires user interaction and can affect the entire site's confidentiality, integrity, and availability. Site administrators should update immediately to a version newer than 4.1.3.
What an attacker can do
Run arbitrary code on the site with the privileges of the authenticated user.
Potential impact on your site
Attackers with user accounts can compromise your entire site, steal data, modify content, or take the site offline.
Conditions required to exploit
Attacker must have a low-privilege user account and trick a user into visiting a malicious page.