What the vulnerability does
01Description
Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
Explanation of Vulnerability in Simple Terms
Structured Content versions up to 1.7.0 contain a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious scripts. An attacker with low-level account access can craft a request that, when visited by another user, executes arbitrary JavaScript in their browser. This can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim.
What an attacker can do
Inject and execute malicious JavaScript in other users' browsers to steal sessions or perform unauthorized actions.
Potential impact on your site
Authenticated users' accounts and data are at risk if they interact with content crafted by attackers with low-level access.
Conditions required to exploit
Attacker must have a low-privilege account and the victim must visit a page containing the attacker's malicious payload.
Key dates
External resources
Related vulnerabilities