CVE-2021-24558

The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue

CVSS v3 5.4 MEDIUM
CVSS v2.0 3.5 LOW

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://codevigilant.com/disclosure/2021/wp-plugin-project-status/	Exploit Third Party Advisory
https://wpscan.com/vulnerability/ca5f2152-fcfd-492d-a552-f9604011beff	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:3.7designs:project_status:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-08-23 12:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-24558

Mitre link : CVE-2021-24558

CVE.ORG link : CVE-2021-24558

JSON object : View

Products Affected

3.7designs

project_status

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2021-24558", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-08-23T12:15:10.080", "references": [{"url": "https://codevigilant.com/disclosure/2021/wp-plugin-project-status/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/ca5f2152-fcfd-492d-a552-f9604011beff", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue"}, {"lang": "es", "value": "La funci\u00f3n pspin_duplicate_post_save_as_new_post del plugin de WordPress Project Status versiones hasta 1.6, no sanea, comprueba o escapa del par\u00e1metro GET del post que se le pasa antes de mostrarlo en un mensaje de error cuando el post relacionado no se presenta, conllevando a un problema de tipo XSS reflejado."}], "lastModified": "2021-08-27T17:24:20.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:3.7designs:project_status:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7C5E4F6B-0A11-47A2-9AD5-41AC7CC322D5", "versionEndIncluding": "1.6"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}