CVE-2024-29795: WordPress Media Cloud for Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.5.24 - Cross Site Scripting (XSS) vulnerability
First published: Wed Mar 27 2024(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS.This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more: from n/a through 4.5.24.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Interfacelab Media Cloud for Amazon S3 | <=4.5.24 | |
| WordPress Media Cloud for Amazon S3 | <=4.5.24 | |
| Cloudflare R2 | ||
| Google Cloud | ||
| DigitalOcean Spaces |
Remedy
Update to 4.5.25 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-29795?
CVE-2024-29795 has been rated as a medium severity vulnerability due to its potential for stored cross-site scripting attacks.
How do I fix CVE-2024-29795?
To fix CVE-2024-29795, upgrade the affected software to the latest version that addresses this vulnerability.
Which products are affected by CVE-2024-29795?
CVE-2024-29795 affects Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces, and other related products.
What type of vulnerability is CVE-2024-29795?
CVE-2024-29795 is a cross-site scripting (XSS) vulnerability associated with improper neutralization of user input.
How can CVE-2024-29795 impact my website?
If exploited, CVE-2024-29795 can allow attackers to inject malicious scripts into web pages viewed by users, potentially compromising their data.
- agent/remedy
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/interfacelab
- canonical/interfacelab media cloud for amazon s3
- vendor/wordpress
- canonical/wordpress media cloud for amazon s3
- vendor/cloudflare
- canonical/cloudflare r2
- vendor/google
- canonical/google cloud
- vendor/digitalocean
- canonical/digitalocean spaces