Elementor Website Builder
Monthly
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in Elementor Website Builder through version 3.35.5, allowing authenticated attackers with low privileges to inject malicious scripts that execute in the context of other users' browsers. An attacker can exploit this via a crafted page or element to steal session cookies, redirect users, or perform actions on their behalf. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), but carries a moderate CVSS score of 6.5 with cross-site impact (S:C), indicating meaningful business risk despite not being unauthenticated.
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in Elementor Website Builder through version 3.35.5, allowing authenticated attackers with low privileges to inject malicious scripts that execute in the context of other users' browsers. An attacker can exploit this via a crafted page or element to steal session cookies, redirect users, or perform actions on their behalf. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), but carries a moderate CVSS score of 6.5 with cross-site impact (S:C), indicating meaningful business risk despite not being unauthenticated.