5.4
CVE-2021-24176
- EPSS 43.48%
- Veröffentlicht 05.04.2021 19:15:16
- Zuletzt bearbeitet 21.11.2024 05:52:31
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginJH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
Mögliche Gegenmaßnahme
JH 404 Logger: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
JH 404 Logger
Version
*-1.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jh 404 Logger Project ≫ Jh 404 Logger SwPlatformwordpress Version <= 1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 43.48% | 0.974 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.