What the vulnerability does
Description
Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
CVSS base score
6.5 (Medium)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
The Surbma Yoast SEO Breadcrumb Shortcode plugin, up to and including version 1.2, contains a cross-site scripting (XSS) vulnerability. An authenticated user with low privileges (the Contributor role named in the advisory title) can get script into the breadcrumb output by supplying a crafted link or page title that the plugin renders without adequate escaping. When other users view the affected page, the injected script runs in their browser, which could let the attacker steal session tokens or perform actions on their behalf.
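The escaping failure the advisory describes, as an added example in PHP that is not the Surbma plugin's own code: a hypothetical breadcrumb shortcode renders crumbs from post data, first by concatenating raw values into the markup (the vulnerable pattern) and then by escaping each value for the context it lands in. The sample crumbs, the function names and the `safe_url()`/`safe_html()` helpers are constructed for illustration so the file runs with plain PHP; inside WordPress the equivalent calls are `esc_url()` and `esc_html()`.

```php
<?php
// Added example, not code from the Surbma plugin. It shows the class of bug the
// advisory describes: a breadcrumb shortcode that emits user-controlled post
// titles and links without output escaping, beside a hardened version.
// Runs stand-alone with plain PHP; in a real plugin use esc_url()/esc_html().

/** Constructed sample crumbs; the last one mimics a title and link a Contributor controls. */
function sample_crumbs(): array {
    return [
        ['url' => 'https://example.test/',        'title' => 'Home'],
        ['url' => 'https://example.test/guides/', 'title' => 'Guides'],
        ['url' => 'javascript:alert(1)',          'title' => 'Guide <script>alert(1)</script>'],
    ];
}

/** Vulnerable pattern: raw values concatenated straight into HTML. */
function render_breadcrumb_unsafe(array $crumbs): string {
    $parts = [];
    foreach ($crumbs as $c) {
        $parts[] = '<a href="' . $c['url'] . '">' . $c['title'] . '</a>';
    }
    return '<nav class="breadcrumb">' . implode(' &raquo; ', $parts) . '</nav>';
}

/** Stand-in for esc_url(): only http/https links are allowed, anything else becomes '#'. */
function safe_url(string $url): string {
    $scheme = strtolower((string) parse_url(trim($url), PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return '#';
    }
    return htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Stand-in for esc_html(): encode every HTML-significant character. */
function safe_html(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Hardened pattern: escape each value for its output context (attribute vs. text node). */
function render_breadcrumb_safe(array $crumbs): string {
    $parts = [];
    foreach ($crumbs as $c) {
        $parts[] = '<a href="' . safe_url($c['url']) . '">' . safe_html($c['title']) . '</a>';
    }
    return '<nav class="breadcrumb">' . implode(' &raquo; ', $parts) . '</nav>';
}

// In a WordPress plugin the hardened renderer would be wired up roughly as
//   add_shortcode('my_breadcrumb', fn() => render_breadcrumb_safe(build_crumbs_for_current_post()));
// where my_breadcrumb and build_crumbs_for_current_post() are hypothetical names.

echo render_breadcrumb_unsafe(sample_crumbs()), PHP_EOL; // script tag and javascript: link survive
echo render_breadcrumb_safe(sample_crumbs()), PHP_EOL;   // tag is encoded, link replaced by '#'
```

The detail worth noting for review is that escaping happens at output and per context: the title goes through an HTML text escaper, while the link goes through a URL validator that rejects non-http(s) schemes before attribute-encoding it. Escaping only on save, or only one of the two values, leaves the other vector open.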
What an attacker can do
Inject and execute malicious JavaScript in other users' browsers via breadcrumb content.
Potential impact on your site
Authenticated users can inject scripts that execute for other site visitors, risking session hijacking or unauthorized actions.
Conditions required to exploit
Attacker must have a low-privilege user account and a victim must view a page containing the malicious breadcrumb.