5.4
CVE-2021-24593
- EPSS 0.62%
- Veröffentlicht 30.08.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 05:53:22
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginBusiness Hours Indicator < 2.3.5 - Authenticated Stored XSS
Business Hours Indicator <= 2.3.4 - Authenticated Stored Cross-Site Scripting
The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue
Mögliche Gegenmaßnahme
Business Hours Indicator: Update to version 2.3.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Business Hours Indicator Project ≫ Business Hours Indicator SwPlatformwordpress Version < 2.3.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Business Hours Indicator
Version
[*, 2.3.5)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.45 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://wpscan.com/vulnerability/309296d4-c397-4fc7-85fb-a28b5b5b6a8d
https://www.wordfence.com/threat-intel/vulnerabilities/id/9b38d892-6797-43ae-9f17-f8f90222911e