CVE-2024-47374

Published Oct 5, 2024

Last updated a month ago

CVSS high 7.1

Overview

Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 6.5.0.2.
Source: audit@patchstack.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.1
Impact score: 3.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Severity: HIGH

Weaknesses

audit@patchstack.com: CWE-79

Hype score: Not currently trending

Actively exploited CVE : CVE-2024-47374
@transilienceai
12 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47374
@transilienceai
10 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47374
@transilienceai
8 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47374
@transilienceai
5 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47374
@transilienceai
4 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47374
@transilienceai
30 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47374
@transilienceai
29 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A newly discovered high-severity vulnerability in the LiteSpeed Cache plugin (CVE-2024-47374) could allow attackers to execute arbitrary JavaScript code, leading to potential site takeovers. Update to version 6.5.1 immediately! https://t.co/6GhpgF11zo
@Shift6Security
27 Oct 2024
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2024-47374
@transilienceai
25 Oct 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-47374
@transilienceai
23 Oct 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Understanding the Stored XSS vulnerability (CVE-2024-47374) in the LiteSpeed Cache Plugin for WordPress is essential for protecting your sites. This vulnerability can lead to serious exploitation risks. 👉 Read our article: https://t.co/KBvrBzXHz9 #cybersecurity #infosec #CVE
@OstorlabSec
45 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47374
https://patchstack.com/database/vulnerability/litespeed-cache/wordpress-litespeed-cache-plugin-6-5-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

References