4.8
CVE-2021-24713
- EPSS 0.21%
- Veröffentlicht 23.11.2021 20:15:09
- Zuletzt bearbeitet 23.01.2026 13:22:56
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginVideo Lessons Manager < 1.7.2 and Video Lessons Manager Pro < 3.5.9 - Stored Cross-Site Scripting
The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks
Mögliche Gegenmaßnahme
CM Video Lessons Manager – Simplify video lessons management for better education: Update to version 1.7.2, or a newer patched version
Video Lessons Manager Pro – Best Video Course LMS: Update to version 3.5.9, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
CM Video Lessons Manager – Simplify video lessons management for better education
Version
*-1.7.1
SystemWordPress Plugin
≫
Produkt
Video Lessons Manager Pro – Best Video Course LMS
Version
*-3.5.8
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cminds ≫ Video Lessons Manager SwPlatformwordpress Version < 1.7.2
Cminds ≫ Video Lessons Manager Pro SwPlatformwordpress Version < 3.5.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.431 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.