Description

The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.

Remediation

References

CVE-2024-21730

Related Vulnerabilities

Moodle Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9187)

Joomla! Core 4.x.x Security Bypass (4.0.0 - 4.2.7)

WordPress Plugin bbPress Multiple Vulnerabilities (2.6.4)

Oracle Application Server Other Vulnerability (CVE-2004-1362)

WordPress Deserialization of Untrusted Data Vulnerability (CVE-2018-20148)

Severity

Medium

Classification

CVE-2024-21730 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities