CVE-2021-24298

Опубликовано: 24 мая 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS

Ссылки

https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91
Exploit
Third Party Advisory
https://codevigilant.com/disclosure/2021/wp-plugin-giveasap-xss/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/30aebded-3eb3-4dda-90b5-12de5e622c91
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibenic:simple_giveaways:*:*:*:*:*:wordpress:*:*

Версия до 2.36.2 (исключая)

EPSS

Процентиль: 94%

0.13939

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jw46-grq7-cw4w

github

больше 3 лет назад