← volver
CVE-2024-12302

Icegram Engage < 3.1.32 - Author+ Stored XSS

CVSS 6.1 MEDIUMEPSS 0.3%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Unknown · Icegram Engage