What the vulnerability does
01Description
Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 2.10.8 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 2.10.8 versions.
Explanation of Vulnerability in Simple Terms
Modula - PRO versions up to 2.10.8 contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. The vulnerability requires user interaction—typically clicking a malicious link—and can affect other users viewing the compromised content. An attacker with no authentication can exploit this to steal session cookies, redirect users, or deface site content.
What an attacker can do
Inject malicious JavaScript that runs in other users' browsers when they visit affected pages.
Potential impact on your site
Visitors' browsers can be compromised, leading to credential theft, malware distribution, or site defacement.
Conditions required to exploit
Victim must click a malicious link or visit a page containing the attacker's payload; no authentication required.
Key dates
External resources
Related vulnerabilities