← Volver a CVEs
CVE-2021-24623
MEDIUM4.8
Descripcion
The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Detalles CVE
Puntuacion CVSS v3.14.8
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado9/13/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
ticket-system:wordpress_advanced_ticket_system
Debilidades (CWE)
CWE-79
Referencias
https://wpscan.com/vulnerability/41d9027c-a982-44c7-889e-721333496b5c(contact@wpscan.com)
https://wpscan.com/vulnerability/41d9027c-a982-44c7-889e-721333496b5c(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.