How severe is CVE-2024-8680?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-8680?

This is classified as CWE-80, which is a common weakness in software security.

CVE-2024-8680

MEDIUM Year: 2024

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-80

View all →

Vulnerability Description

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE-2024-54001

MEDIUM

CVSS:5.5(Medium)

Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date...

CWE-802024

CVE-2017-20034

MEDIUM

CVSS:5.4(Medium)

A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site...

CWE-802017

CVE-2017-20035

MEDIUM

CVSS:5.4(Medium)

A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation...

CWE-802017

CVE-2017-20036

MEDIUM

CVSS:5.4(Medium)

A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cros...

CWE-802017

CVE-2017-20043

MEDIUM

CVSS:5.4(Medium)

A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Persi...

CWE-802017

CVE-2017-20044

MEDIUM

CVSS:5.4(Medium)

A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is po...

CWE-802017

CVE-2024-8680

Vulnerability Description

Related Vulnerabilities

CVE-2024-54001

CVE-2017-20034

CVE-2017-20035

CVE-2017-20036

CVE-2017-20043

CVE-2017-20044