Simple Custom CSS and JS <= 3.3 is vulnerable to Authenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated

Published
2017-07-24

Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE

https://www.cve.org/CVERecord?id=CVE-2017-2285

CVSS

Score:6.1

Severity:Medium

Version: 3.3

There is a patch available in v3.4 and we strongly recommend you update to this version as soon as possible.