Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN05136799/ | Third Party Advisory |
https://vektor-inc.co.jp/en/update/regarding-vulnerabilities-in-vk-all-in-one-expansion-unit-version-9-100-0-and-earlier/ | Vendor Advisory |
Configurations
History
19 Nov 2024, 15:57
Type | Values Removed | Values Added |
---|---|---|
First Time |
Vektor-inc
Vektor-inc vk All In One Expansion Unit |
|
CPE | cpe:2.3:a:vektor-inc:vk_all_in_one_expansion_unit:*:*:*:*:*:wordpress:*:* | |
References | () https://jvn.jp/en/jp/JVN05136799/ - Third Party Advisory | |
References | () https://vektor-inc.co.jp/en/update/regarding-vulnerabilities-in-vk-all-in-one-expansion-unit-version-9-100-0-and-earlier/ - Vendor Advisory |
13 Nov 2024, 17:01
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
13 Nov 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-13 06:15
Updated : 2024-11-19 15:57
NVD link : CVE-2024-52268
Mitre link : CVE-2024-52268
CVE.ORG link : CVE-2024-52268
JSON object : View
Products Affected
vektor-inc
- vk_all_in_one_expansion_unit
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')