Icegram Engage
CVE-2023-51532
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.19.
AnalysisAI
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.1.19. Affected products include: Icegram Icegram Engage. Version information: through 3.1.19..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Icegram Engage
View allThe Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute,
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow h
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow h
WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin - Icegram (versions <= 2.0.2) vulnerable at "Headline"
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. Rated medium severity (CVSS 5.4), this vulnerabilit
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which coul
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today