CVE-2021-24558
MEDIUM 5.4
Description
The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue.
CVE Details
CVSS v3.1 score: 5.4
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 8/23/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
3.7designs:project_status
Weaknesses (CWE)
CWE-79
References
https://codevigilant.com/disclosure/2021/wp-plugin-project-status/ (contact@wpscan.com)
https://wpscan.com/vulnerability/ca5f2152-fcfd-492d-a552-f9604011beff (contact@wpscan.com)
https://codevigilant.com/disclosure/2021/wp-plugin-project-status/ (af854a3a-2127-422b-91ae-364da2661108)
https://wpscan.com/vulnerability/ca5f2152-fcfd-492d-a552-f9604011beff (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.