The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues.
References
Configurations
History
07 Nov 2023, 03:31
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-07-12 20:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-24419
Mitre link : CVE-2021-24419
CVE.ORG link : CVE-2021-24419
JSON object : View
Products Affected
wp_youtube_lyte_project
- wp_youtube_lyte
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')