CVE-2024-2702

HIGH

Olive One Click Demo Import < 1.1.1 - Unauthenticated Missing Authorization leading to XSS

Title source: llm
STIX 2.1

Description

Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.

Scores

CVSS v3 8.2
EPSS 0.0058
EPSS Percentile 43.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
Olive Themes/Olive One Click Demo Import < 1.1.1
olivethemes/olive_one_click_demo_import < 1.1.2
Published Mar 20, 2024
Tracked Since Feb 18, 2026