CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionNVD
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1.
AnalysisAI
DOM-based cross-site scripting in PenciDesign Penci Shortcodes & Performance plugin versions 6.1 and earlier allows authenticated attackers to inject malicious scripts that execute in users' browsers. An attacker with user-level privileges can exploit improper input neutralization during page generation to steal session cookies, perform unauthorized actions, or deface content for affected users. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify Content-Security-Policy and output encoding.
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today