CVE-2021-24299

{"id": "CVE-2021-24299", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-05-17T17:15:08.280", "references": [{"url": "http://packetstormsecurity.com/files/162756/WordPress-ReDi-Restaurant-Reservation-21.0307-Cross-Site-Scripting.html", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to make a restaurant reservation field called 'Comment' does not use proper input validation and can be used to store XSS payloads. The XSS payloads will be executed when the plugin user goes to the 'Upcoming' page, which is an external website https://upcoming.reservationdiary.eu/ loaded in an iframe, and the stored reservation with XSS payload is loaded."}, {"lang": "es", "value": "El plugin de WordPress para ReDi Restaurant Reservation versiones anteriores al 21.0426, proporciona la funcionalidad para permitir a usuarios hacer reservas en restaurantes. Estas reservas son almacenadas y pueden ser enumeradas en una p\u00e1gina de \"Upcoming\" proporcionada por el plugin. Un usuario no autenticado puede completar el formulario para hacer una reserva en un restaurante. El formulario para hacer un campo de reserva de restaurante llamado \"Comment\" no usa la comprobaci\u00f3n de entrada apropiada y puede ser usada para almacenar cargas \u00fatiles XSS. Las cargas \u00fatiles XSS ser\u00e1n ejecutadas cuando el usuario del plugin vaya a la p\u00e1gina \"Upcoming\", que es un sitio web externo https://upcoming.reservationdiary.eu/ cargado en un iframe, y es cargado la reserva almacenada con la carga \u00fatil XSS"}], "lastModified": "2021-05-24T19:16:57.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:catzsoft:redi_restaurant_reservation:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "62B3EC69-C111-4135-82CE-2944F7518341", "versionEndExcluding": "21.0426"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}