4.8
CVE-2021-24539
- EPSS 0.57%
- Veröffentlicht 01.11.2021 09:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:15
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginComing Soon, Under Construction & Maintenance Mode By Dazzler < 1.6.7 - Admin+ Stored Cross-Site Scripting
Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 1.6.3 - Admin+ Stored Cross-Site Scripting
The Coming Soon, Under Construction & Maintenance Mode By Dazzler WordPress plugin before 1.6.7 does not sanitise or escape its description setting when outputting it in the frontend when the Coming Soon mode is enabled, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue
Mögliche Gegenmaßnahme
Coming Soon, Under Construction & Maintenance Mode By Dazzler: Update to version 1.6.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dazzlersoftware ≫ Coming Soon, Under Construction & Maintenance Mode By Dazzler SwPlatformwordpress Version < 1.6.7
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Coming Soon, Under Construction & Maintenance Mode By Dazzler
Version
*-1.6.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.57% | 0.427 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:N/AC:H/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://wpscan.com/vulnerability/4bda5dff-f577-4cd8-a225-c6b4c32f22b4
https://www.wordfence.com/threat-intel/vulnerabilities/id/1e9506bd-10a6-40ab-8162-cf4fad9cb882