exploitDog

CVE-2021-24479

Опубликовано: 02 авг. 2021

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue

Ссылки

https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:drawblog_project:drawblog:*:*:*:*:*:wordpress:*:*

Версия до 0.90 (включая)

EPSS

Процентиль: 61%

0.0042

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-cghc-jhgh-fr89

github

больше 3 лет назад

The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue

EPSS

Процентиль: 61%

0.0042

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79