exploitDog

CVE-2021-24510

Опубликовано: 13 сент. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue

Ссылки

https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39
Third Party Advisory
https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:wordpress:*:*:*

Версия до 1.1 (включая)

EPSS

Процентиль: 96%

0.21147

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

Связанные уязвимости

GHSA-54p3-vvrm-gcf3

CVSS3: 6.1

github

больше 3 лет назад

The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue

EPSS

Процентиль: 96%

0.21147

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты