Stored Cross-Site Scripting Vulnerability in Testimonial Rotator 3.0.3 Allows Privilege Escalation

Stored Cross-Site Scripting Vulnerability in Testimonial Rotator 3.0.3 Allows Privilege Escalation

CVE-2021-24156 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation

Learn more about our User Device Pen Test.