CVE-2021-24296

{"id": "CVE-2021-24296", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2021-05-24T11:15:08.070", "references": [{"url": "https://wpscan.com/vulnerability/c450f54a-3372-49b2-8ad8-68d5cc0dd49e", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/c450f54a-3372-49b2-8ad8-68d5cc0dd49e", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled"}, {"lang": "es", "value": "El plugin de WordPress WP Customer Reviews versiones anteriores a 3.5.6 no saneaba algunas de sus configuraciones, lo que permit\u00eda a usuarios muy privilegiados, como los administradores, configurar cargas \u00fatiles XSS en ellos, que luego se desencadenar\u00e1n en las p\u00e1ginas donde las revisiones est\u00e1n habilitadas"}], "lastModified": "2024-11-21T05:52:47.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gowebsolutions:wp_customer_reviews:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F4787910-463E-4B27-9134-4E0D867F63BF", "versionEndExcluding": "3.5.6"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}