exploitDog

CVE-2021-24571

Опубликовано: 23 авг. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues

Ссылки

https://wpscan.com/vulnerability/377fd65f-3a8c-4f7a-9e40-046d52ec0eef
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/377fd65f-3a8c-4f7a-9e40-046d52ec0eef
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:harmonicdesign:hd_quiz:*:*:*:*:*:wordpress:*:*

Версия до 1.8.4 (исключая)

EPSS

Процентиль: 40%

0.0018

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-7hqj-44cw-26jp

github

больше 3 лет назад

The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues

EPSS

Процентиль: 40%

0.0018

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79