PT-2024-26655 · Unknown · Heateor Social Login

Lvt-Tholv2K

Published

2024-06-08

Updated

2024-08-29

CVE-2024-35706

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Heateor Social Login versions 1.1.32 and earlier

Description The issue affects Heateor Social Login, allowing Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. This enables attackers to inject malicious scripts into web pages.

Recommendations For Heateor Social Login versions 1.1.32 and earlier, update to a version later than 1.1.32 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of Cross-Site Scripting (XSS) attacks.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-35706

Affected Products

Heateor Social Login

PT-2024-26655 · Unknown · Heateor Social Login

CVE-2024-35706

Weakness Enumeration

Related Identifiers

Affected Products

References · 6