exploitDog

CVE-2021-24756

Published: 13 Dec 2021
Source: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS: Medium

Description

The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting it in the admin dashboard, which could allow an unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs.

Vulnerable configurations

Configuration 1
cpe:2.3:a:wp_system_log_project:wp_system_log:*:*:*:*:*:wordpress:*:*
Versions before 1.0.21 (exclusive)

EPSS

Percentile: 94%
0.14825
Medium

CVSS3: 6.1 Medium

CVSS2: 4.3 Medium

Weaknesses

CWE-79

Related vulnerabilities

github
about 4 years ago

The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting it in the admin dashboard, which could allow an unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs.

EPSS

Percentile: 94%
0.14825
Medium

CVSS3: 6.1 Medium

CVSS2: 4.3 Medium

Weaknesses

CWE-79