CVE-2021-24383

Опубликовано: 21 июн. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue

Ссылки

http://packetstormsecurity.com/files/163261/WordPress-WP-Google-Maps-8.1.11-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/163261/WordPress-WP-Google-Maps-8.1.11-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*

Версия до 8.1.12 (исключая)

EPSS

Процентиль: 75%

0.00868

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-hgx6-w8x6-xmxw