#ExploitObserverAlert
CVE-2024-2466
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2024-2466. libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).
FIRST-EPSS: 0.000450000
CVE-2024-2466
DESCRIPTION: Exploit Observer has 9 entries in 3 file formats related to CVE-2024-2466. libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2024-22025
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2024-22025. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.
FIRST-EPSS: 0.000430000
CVE-2024-22025
DESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2024-22025. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2389
DESCRIPTION: Exploit Observer has 168 entries in 22 file formats related to CVE-2024-2389. In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
FIRST-EPSS: 0.000430000
CVE-2024-2389
DESCRIPTION: Exploit Observer has 168 entries in 22 file formats related to CVE-2024-2389. In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-28253
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2024-28253. OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and therefore after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/policies` which gets handled by `PolicyResource.createOrUpdate()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-252`. This issue may lead to Remote Code Execution and has been addressed in version 1.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000440000
CVE-2024-28253
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2024-28253. OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and therefore after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/policies` which gets handled by `PolicyResource.createOrUpdate()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-252`. This issue may lead to Remote Code Execution and has been addressed in version 1.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000440000
#ExploitObserverAlert
CVE-2024-2631
DESCRIPTION: Exploit Observer has 24 entries in 5 file formats related to CVE-2024-2631. Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
CVE-2024-2631
DESCRIPTION: Exploit Observer has 24 entries in 5 file formats related to CVE-2024-2631. Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
FIRST-EPSS: 0.000450000
NVD-IS: 1.4
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-2630
DESCRIPTION: Exploit Observer has 128 entries in 17 file formats related to CVE-2024-2630. Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2024-2630
DESCRIPTION: Exploit Observer has 128 entries in 17 file formats related to CVE-2024-2630. Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000450000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-23235
DESCRIPTION: Exploit Observer has 16 entries in 2 file formats related to CVE-2024-23235. A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.
FIRST-EPSS: 0.000000000
CVE-2024-23235
DESCRIPTION: Exploit Observer has 16 entries in 2 file formats related to CVE-2024-23235. A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2024-27919
DESCRIPTION: Exploit Observer has 14 entries in 5 file formats related to CVE-2024-27919. Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections.
FIRST-EPSS: 0.000000000
CVE-2024-27919
DESCRIPTION: Exploit Observer has 14 entries in 5 file formats related to CVE-2024-27919. Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2019-25210
DESCRIPTION: Exploit Observer has 27 entries in 8 file formats related to CVE-2019-25210. An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.
FIRST-EPSS: 0.000000000
CVE-2019-25210
DESCRIPTION: Exploit Observer has 27 entries in 8 file formats related to CVE-2019-25210. An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2022-34321
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to CVE-2022-34321. Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections without requiring proper authentication credentials. This issue affects Apache Pulsar versions from 2.6.0 to 2.10.5, from 2.11.0 to 2.11.2, from 3.0.0 to 3.0.1, and 3.1.0. The known risks include exposing sensitive information such as connected client IP and unauthorized logging level manipulation which could lead to a denial-of-service condition by significantly increasing the proxy's logging overhead. When deployed via the Apache Pulsar Helm chart within Kubernetes environments, the actual client IP might not be revealed through the load balancer's default behavior, which typically obscures the original source IP addresses when externalTrafficPolicy is being configured to "Cluster" by default. The /proxy-stats endpoint contains topic level statistics, however, in the default configuration, the topic level statistics aren't known to be exposed. 2.10 Pulsar Proxy users should upgrade to at least 2.10.6. 2.11 Pulsar Proxy users should upgrade to at least 2.11.3. 3.0 Pulsar Proxy users should upgrade to at least 3.0.2. 3.1 Pulsar Proxy users should upgrade to at least 3.1.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. Additionally, it's imperative to recognize that the Apache Pulsar Proxy is not intended for direct exposure to the internet. The architectural design of Pulsar Proxy assumes that it will operate within a secured network environment, safeguarded by appropriate perimeter defenses.
FIRST-EPSS: 0.000000000
CVE-2022-34321
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to CVE-2022-34321. Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections without requiring proper authentication credentials. This issue affects Apache Pulsar versions from 2.6.0 to 2.10.5, from 2.11.0 to 2.11.2, from 3.0.0 to 3.0.1, and 3.1.0. The known risks include exposing sensitive information such as connected client IP and unauthorized logging level manipulation which could lead to a denial-of-service condition by significantly increasing the proxy's logging overhead. When deployed via the Apache Pulsar Helm chart within Kubernetes environments, the actual client IP might not be revealed through the load balancer's default behavior, which typically obscures the original source IP addresses when externalTrafficPolicy is being configured to "Cluster" by default. The /proxy-stats endpoint contains topic level statistics, however, in the default configuration, the topic level statistics aren't known to be exposed. 2.10 Pulsar Proxy users should upgrade to at least 2.10.6. 2.11 Pulsar Proxy users should upgrade to at least 2.11.3. 3.0 Pulsar Proxy users should upgrade to at least 3.0.2. 3.1 Pulsar Proxy users should upgrade to at least 3.1.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. Additionally, it's imperative to recognize that the Apache Pulsar Proxy is not intended for direct exposure to the internet. The architectural design of Pulsar Proxy assumes that it will operate within a secured network environment, safeguarded by appropriate perimeter defenses.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2024-2398
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to CVE-2024-2398. When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
FIRST-EPSS: 0.000450000
CVE-2024-2398
DESCRIPTION: Exploit Observer has 9 entries in 2 file formats related to CVE-2024-2398. When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.
FIRST-EPSS: 0.000450000
#ExploitObserverAlert
CVE-2023-3454
DESCRIPTION: Exploit Observer has 34 entries in 9 file formats related to CVE-2023-3454. Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.
FIRST-EPSS: 0.000000000
CVE-2023-3454
DESCRIPTION: Exploit Observer has 34 entries in 9 file formats related to CVE-2023-3454. Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2023-50677
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2023-50677. An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component.
FIRST-EPSS: 0.000000000
CVE-2023-50677
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2023-50677. An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2024-2626
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to CVE-2024-2626. Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000000000
NVD-IS: 3.6
NVD-ES: 2.8
CVE-2024-2626
DESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to CVE-2024-2626. Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
FIRST-EPSS: 0.000000000
NVD-IS: 3.6
NVD-ES: 2.8
#ExploitObserverAlert
CVE-2024-1664
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1664. The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
FIRST-EPSS: 0.000000000
CVE-2024-1664
DESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1664. The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2024-2511
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-2511. Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.
FIRST-EPSS: 0.000000000
CVE-2024-2511
DESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-2511. Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2024-27983
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2024-27983. An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
FIRST-EPSS: 0.000000000
CVE-2024-27983
DESCRIPTION: Exploit Observer has 10 entries in 3 file formats related to CVE-2024-27983. An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2023-7164
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2023-7164. The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database.
FIRST-EPSS: 0.000000000
CVE-2023-7164
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2023-7164. The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database.
FIRST-EPSS: 0.000000000
#ExploitObserverAlert
CVE-2024-2879
DESCRIPTION: Exploit Observer has 32 entries in 8 file formats related to CVE-2024-2879. The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
FIRST-EPSS: 0.000000000
NVD-IS: 3.6
NVD-ES: 3.9
CVE-2024-2879
DESCRIPTION: Exploit Observer has 32 entries in 8 file formats related to CVE-2024-2879. The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
FIRST-EPSS: 0.000000000
NVD-IS: 3.6
NVD-ES: 3.9
#ExploitObserverAlert
CVE-2024-2198
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2198. The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
FIRST-EPSS: 0.000430000
CVE-2024-2198
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2198. The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
FIRST-EPSS: 0.000430000
#ExploitObserverAlert
CVE-2024-2039
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2039. The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000
CVE-2024-2039
DESCRIPTION: Exploit Observer has 4 entries in 1 file formats related to CVE-2024-2039. The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
FIRST-EPSS: 0.000430000