exploitDog

CVE-2021-24874

Опубликовано: 14 фев. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues

Ссылки

https://wpscan.com/vulnerability/28d34cc1-2294-4409-a60f-c8c441eb3f2d
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/28d34cc1-2294-4409-a60f-c8c441eb3f2d
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:brevo:newsletter\,_smtp\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:*

Версия до 3.1.31 (исключая)

EPSS

Процентиль: 52%

0.00288

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2hcr-94vw-mxjh

CVSS3: 6.1

github

почти 4 года назад

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues

EPSS

Процентиль: 52%

0.00288

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79