What the vulnerability does
01Description
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.
Explanation of Vulnerability in Simple Terms
Classified Listing through version 5.4.2 contains a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into the site. An attacker can craft a malicious link that, when clicked by a site visitor, executes arbitrary JavaScript in the victim's browser. This can lead to session hijacking, credential theft, or defacement. The vulnerability affects all users who click a crafted link.
What an attacker can do
Inject and execute malicious JavaScript in visitors' browsers to steal sessions, credentials, or deface content.
Potential impact on your site
Visitors clicking attacker-controlled links may have sessions hijacked or credentials stolen; site reputation at risk.
Conditions required to exploit
Attacker must trick a site visitor into clicking a malicious link (no authentication required).
Key dates
External resources
Related vulnerabilities