exploitDog

CVE-2021-24991

Опубликовано: 03 янв. 2022

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard

Ссылки

https://wpscan.com/vulnerability/88e706df-ae03-4665-94a3-db226e1f31a9
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/88e706df-ae03-4665-94a3-db226e1f31a9
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpovernight:woocommerce_pdf_invoices\&_packing_slips:*:*:*:*:*:wordpress:*:*

Версия до 2.10.5 (исключая)

EPSS

Процентиль: 87%

0.03364

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-pmj4-hxrq-f9wh

github

около 4 лет назад

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard

EPSS

Процентиль: 87%

0.03364

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79