exploitDog

CVE-2021-24796

Опубликовано: 17 нояб. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins

Ссылки

https://wpscan.com/vulnerability/d973dc0f-3cb4-408d-a8b0-01abeb9ef951
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/d973dc0f-3cb4-408d-a8b0-01abeb9ef951
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:my_tickets_project:my_tickets:*:*:*:*:*:wordpress:*:*

Версия до 1.8.31 (исключая)

EPSS

Процентиль: 94%

0.12126

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3x29-7jf5-grwh

github

больше 3 лет назад

The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins

EPSS

Процентиль: 94%

0.12126

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79