4.8

CVE-2021-24713

Exploit

Video Lessons Manager - Admin+ Stored Cross-Site Scripting

Video Lessons Manager < 1.7.2 and Video Lessons Manager Pro < 3.5.9 - Stored Cross-Site Scripting

The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks
Mögliche Gegenmaßnahme
CM Video Lessons Manager – Simplify video lessons management for better education: Update to version 1.7.2, or a newer patched version
Video Lessons Manager Pro – Best Video Course LMS: Update to version 3.5.9, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CmindsVideo Lessons Manager SwPlatformwordpress Version < 1.7.2
CmindsVideo Lessons Manager Pro SwPlatformwordpress Version < 3.5.9
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt CM Video Lessons Manager – Simplify video lessons management for better education
Version *-1.7.1
SystemWordPress Plugin
Produkt Video Lessons Manager Pro – Best Video Course LMS
Version *-3.5.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.6% 0.439
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.8 1.7 2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://wpscan.com/vulnerability/4a90be69-41eb-43e9-962d-34316497b4df
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/7c9a2045-7d24-4871-b962-32bc0fdf5476
Third Party Advisory