Brave Popup Builder <0.6.9 Stored XSS via Improper Input Neutralization
CVE-2024-35655 Published on June 4, 2024
WordPress Brave – Interactive Content plugin <= 0.6.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave brave-popup-builder allows DOM-Based XSS.This issue affects Brave: from n/a through <= 0.6.9.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2024-35655 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2024-35655
stack.watch emails you whenever new vulnerabilities are published in Getbrave Brave or Brave Popup Builder. Just hit a watch button to start following.
Affected Versions
Brave (WordPress Plugin brave-popup-builder):- Before and including 0.6.9 is affected.
- Before and including 0.6.9 is affected.
- Version 7.0.0 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.