exploitDog

CVE-2021-24427

Опубликовано: 12 июл. 2021

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:boldgrid:w3_total_cache:*:*:*:*:*:wordpress:*:*

Версия до 2.1.3 (исключая)

EPSS

Процентиль: 61%

0.0042

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-6h4x-c495-6qh7

github

больше 3 лет назад

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue

EPSS

Процентиль: 61%

0.0042

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79