CVE-2024-11325

MEDIUM Year: 2024
CVSS v3 Score
5.2
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Related Vulnerabilities

CVE-2016-10864

MEDIUM
CVSS:5.2(Medium)

NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.

CWE-792016

CVE-2017-18700

MEDIUM
CVSS:5.2(Medium)

Certain NETGEAR devices are affected by stored XSS. This affects D6400 before 1.0.0.60, D7000 before 1.0.1.50, D8500 before 1.0.3.29, EX6200 before 1.0.3.84, EX7000 before 1.0.0.60, R6250 before 1.0.4...

CWE-792017

CVE-2017-18701

MEDIUM
CVSS:5.2(Medium)

Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34.

CWE-792017

CVE-2017-18715

MEDIUM
CVSS:5.2(Medium)

Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 befor...

CWE-792017

CVE-2017-18745

MEDIUM
CVSS:5.2(Medium)

Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0...

CWE-792017

CVE-2017-18807

MEDIUM
CVSS:5.2(Medium)

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

CWE-792017