What the vulnerability does
01Description
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
Explanation of Vulnerability in Simple Terms
The Notification for Telegram plugin contains a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into the application. An attacker can craft a malicious link or page that, when visited by a site user, executes arbitrary JavaScript in their browser. This can lead to session hijacking, credential theft, or defacement. The vulnerability affects versions up to 3.5.
What an attacker can do
Inject and execute malicious JavaScript in a user's browser to steal session cookies, credentials, or perform actions on their behalf.
Potential impact on your site
Site users visiting malicious links could have their accounts compromised or be redirected to phishing pages; your site's reputation may be damaged.
Conditions required to exploit
A site user must visit a malicious link or page crafted by the attacker; no authentication or special privileges required.
Key dates
External resources
Related vulnerabilities