What the vulnerability does
01Description
Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
Explanation of Vulnerability in Simple Terms
Social Slider Feed versions up to 2.3.2 contain a stored cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in the browsers of site visitors and administrators. The vulnerability requires user interaction to trigger and can affect multiple users across the site. Update to a version newer than 2.3.2 to remediate.
What an attacker can do
Inject malicious scripts that run in visitors' browsers, stealing cookies, session tokens, or performing actions on their behalf.
Potential impact on your site
Visitors and admins may have their sessions hijacked, credentials stolen, or be redirected to malicious sites.
Conditions required to exploit
No authentication required. A victim must visit a page containing the injected payload.
Key dates
External resources
Related vulnerabilities