exploitDog

CVE-2021-24797

Опубликовано: 27 дек. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.

Ссылки

https://wpscan.com/vulnerability/0eb07cc8-8a19-4e01-ab90-844495413453
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/0eb07cc8-8a19-4e01-ab90-844495413453
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tickera:tickera:*:*:*:*:*:wordpress:*:*

Версия до 3.4.8.3 (исключая)

EPSS

Процентиль: 94%

0.12126

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h5xm-qm7g-wc4p

github

около 4 лет назад

The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.

EPSS

Процентиль: 94%

0.12126

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79