What the vulnerability does
01Description
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
Explanation of Vulnerability in Simple Terms
Media Library Assistant versions 3.35 and earlier contain a cross-site scripting vulnerability. An attacker can inject malicious scripts that execute in a victim's browser when they visit a crafted page or link. The vulnerability requires user interaction and can affect confidentiality, integrity, and availability of the site.
What an attacker can do
Inject malicious scripts that run in visitors' browsers, potentially stealing data or modifying page content.
Potential impact on your site
Visitors could have their sessions hijacked, credentials stolen, or see altered site content depending on the injected payload.
Conditions required to exploit
Victim must click a malicious link or visit an attacker-controlled page; no authentication required.
Key dates
External resources
Related vulnerabilities