exploitDog

CVE-2021-24765

Опубликовано: 01 фев. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue

Ссылки

https://wpscan.com/vulnerability/4440e7ca-1a55-444d-8f6c-04153302d750
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/4440e7ca-1a55-444d-8f6c-04153302d750
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:getperfectsurvey:perfect_survey:*:*:*:*:*:wordpress:*:*

Версия до 1.5.2 (исключая)

EPSS

Процентиль: 87%

0.0323

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-9f2f-rwp6-gw4q

github

около 4 лет назад

The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue

EPSS

Процентиль: 87%

0.0323

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79