How severe is CVE-2024-6810?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2024-6810?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-6810

MEDIUM Year: 2024

CVSS v3 Score

4.4

Medium

Weakness Type

CWE-79

View all →

Vulnerability Description

The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE-2018-1000062

MEDIUM

CVSS:4.4(Medium)

WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbit...

CWE-792018

CVE-2019-14759

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Ra...

CWE-792019

CVE-2019-14760

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder applic...

CWE-792019

CVE-2019-14761

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. A...

CWE-792019

CVE-2020-14445

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Manage...

CWE-792020

CVE-2020-4768

MEDIUM

CVSS:4.4(Medium)

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the...

CWE-792020

CVE-2024-6810

Vulnerability Description

Related Vulnerabilities

CVE-2018-1000062

CVE-2019-14759

CVE-2019-14760

CVE-2019-14761

CVE-2020-14445

CVE-2020-4768