The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
History

Thu, 08 Aug 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Aug 2024 04:45:00 +0000

Type Values Removed Values Added
Description The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Title Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-08-08T04:31:33.255Z

Updated: 2024-08-08T13:10:56.800Z

Reserved: 2024-06-05T23:27:52.074Z

Link: CVE-2024-5668

cve-icon Vulnrichment

Updated: 2024-08-08T13:10:49.673Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-08T05:15:50.203

Modified: 2024-08-08T13:04:18.753

Link: CVE-2024-5668

cve-icon Redhat

No data.