exploitDog

CVE-2021-24326

Опубликовано: 17 мая 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute.

Ссылки

https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/63d6ca03-e0df-40db-9839-531c13619094
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:clogica:all_404_redirect_to_homepage:*:*:*:*:*:wordpress:*:*

Версия до 1.21 (исключая)

EPSS

Процентиль: 56%

0.00332

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8fv5-7m8g-42cx

github

больше 3 лет назад

The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute.

EPSS

Процентиль: 56%

0.00332

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79