CVSS Summary
Score | 5.8 Medium |
---|---|
Vector | Network |
Complexity | Medium |
Authentication | None |
Confidentiality | Partial |
Integrity | Partial |
Availability | None |
Last revised:
Tooltipy contains reflected XSS in the [kttg_glossary] shortcode, meaning that admin users' browsers can be hijacked by anybody who sends them a link. The hijacked browser can be made to do almost anything an admin user can normally do.
Current state: Fixed
[kttg_glossary] shortcode: ?cat='><script>alert(1)</script>
Upgrade to version 5.1 or later.
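The proof of concept above starts with `'>`, which is the shape of a value that closes a single-quoted HTML attribute and the tag around it. The following is an added example, not the plugin's code: it models that output context with a hypothetical template (the `data-cat` attribute and `glossary-cat` class are assumptions) and checks, by parsing the result, whether the reflected `cat` value stays inside the attribute once it is encoded.

```python
from html import escape
from html.parser import HTMLParser

# Constructed value with the same shape as the advisory's proof of concept.
PROBE = "'><script>alert(1)</script>"

def render_unsafe(cat):
    # Assumed template (not the plugin's code): the value is written raw into
    # a single-quoted attribute, the context a leading '> breaks out of.
    return "<a class='glossary-cat' data-cat='" + cat + "'>All</a>"

def render_safe(cat):
    # quote=True also encodes ' and ", so the value cannot end the attribute.
    return ("<a class='glossary-cat' data-cat='"
            + escape(cat, quote=True) + "'>All</a>")

class _Audit(HTMLParser):
    """Records every tag the markup opens and each data-cat value it carries."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.cats = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.cats += [v for k, v in attrs if k == "data-cat"]

def audit(markup):
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.cats

def breaks_out(markup):
    """True if the markup opens any element other than the template's <a>."""
    tags, _ = audit(markup)
    return any(tag != "a" for tag in tags)

def round_trips(cat):
    """True if the encoded value parses back to exactly the input string."""
    _, cats = audit(render_safe(cat))
    return cats == [cat]
```

The same two checks work as a regression test against a saved copy of a page's HTML after upgrading: the parsed markup should contain no unexpected element, and the attribute should decode to exactly the string that was sent.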