How severe is CVE-2024-7489?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2024-7489?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-7489

MEDIUM Year: 2024

CVSS v3 Score

4.4

Medium

Weakness Type

CWE-79

View all →

Vulnerability Description

The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2018-1000062

MEDIUM

CVSS:4.4(Medium)

WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbit...

CWE-792018

CVE-2019-14759

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Ra...

CWE-792019

CVE-2019-14760

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder applic...

CWE-792019

CVE-2019-14761

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. A...

CWE-792019

CVE-2020-14445

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Manage...

CWE-792020

CVE-2020-4768

MEDIUM

CVSS:4.4(Medium)

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the...

CWE-792020

CVE-2024-7489

Vulnerability Description

Related Vulnerabilities

CVE-2018-1000062

CVE-2019-14759

CVE-2019-14760

CVE-2019-14761

CVE-2020-14445

CVE-2020-4768