CVE-2024-52486

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 2, 2024
CWE ID 79

Summary

CVE-2024-52486 is a Cross-site Scripting (XSS) vulnerability affecting the SolverWP Elementor Portfolio Builder. The flaw, which permits DOM-Based XSS, is due to improper neutralization of user input during web page generation. This issue poses a significant security risk as an attacker could inject malicious scripts into a webpage, potentially stealing sensitive user data or taking control of user sessions. The vulnerability affects versions of Elementor Portfolio Builder from n/a through 1.0.0.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share