What the vulnerability does
Description
Cross-site scripting (XSS) exploitable by a Subscriber-level user in JetReviews versions <= 3.0.0.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
JetReviews contains a cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject malicious scripts. Exploitation requires user interaction (typically clicking a crafted link), and the impact extends beyond the vulnerable component, which the CVSS vector records as a changed scope (S:C). An attacker with low privileges can inject code that compromises other users' sessions or steals data.
What an attacker can do
Inject malicious scripts that execute in other users' browsers and steal their session data or credentials.
Potential impact on your site
Authenticated users' accounts and data are at risk if they interact with attacker-controlled content on your site.
Conditions required to exploit
Attacker must have a low-privilege account and trick a user into clicking a malicious link or visiting a crafted page.