CVE-2024-7127

Improper Neutralization of Input During Web Page Generation vulnerability in Stackposts Social Marketing Tool allows Cross-site Scripting (XSS) attack. By submitting the payload in the username during registration, it can be executed later in the application panel. This could lead to the unauthorised acquisition of information (e.g. cookies from a logged-in user). After multiple attempts to contact the vendor we did not receive any answer. Our team has confirmed the existence of this vulnerability. We suppose this issue affects Social Marketing Tool in all versions.
Configurations

Configuration 1 (hide)

cpe:2.3:a:stackposts:social_marketing_tool:-:*:*:*:*:*:*:*

History

23 Aug 2024, 14:00

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
References () https://cert.pl/en/posts/2024/07/CVE-2024-7127/ - () https://cert.pl/en/posts/2024/07/CVE-2024-7127/ - Third Party Advisory
References () https://cert.pl/posts/2024/07/CVE-2024-7127/ - () https://cert.pl/posts/2024/07/CVE-2024-7127/ - Third Party Advisory
References () https://codecanyon.net/comments/30802802 - () https://codecanyon.net/comments/30802802 - Product
References () https://stackposts.com/product/stackposts-social-marketing-tool-1 - () https://stackposts.com/product/stackposts-social-marketing-tool-1 - Product
First Time Stackposts social Marketing Tool
Stackposts
CPE cpe:2.3:a:stackposts:social_marketing_tool:-:*:*:*:*:*:*:*

30 Jul 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web en Stackposts Social Marketing Tool que permite ataques de Cross-site Scripting (XSS). Al enviar el payload en el nombre de usuario durante el registro, se puede ejecutar más tarde en el panel de la aplicación. Esto podría llevar a la adquisición no autorizada de información (por ejemplo, cookies de un usuario conectado). Después de varios intentos de contactar al proveedor, no recibimos ninguna respuesta. Nuestro equipo ha confirmado la existencia de esta vulnerabilidad. Suponemos que este problema afecta a Social Marketing Tool en todas las versiones.

30 Jul 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-30 12:15

Updated : 2024-08-23 14:00


NVD link : CVE-2024-7127

Mitre link : CVE-2024-7127

CVE.ORG link : CVE-2024-7127


JSON object : View

Products Affected

stackposts

  • social_marketing_tool
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')