CVE-2021-24879

{"id": "CVE-2021-24879", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-02-07T16:15:42.537", "references": [{"url": "https://wpscan.com/vulnerability/6dfb4f61-c8cb-40ad-812f-139482be0fb4", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/6dfb4f61-c8cb-40ad-812f-139482be0fb4", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter (stored in their cookies) with an XSS payload in it."}, {"lang": "es", "value": "El plugin SupportCandy de WordPress versiones anteriores a 2.2.7, no presenta una comprobaci\u00f3n CSRF en la acci\u00f3n AJAX wpsc_tickets, ni presenta ning\u00fan tipo de saneo o escape en algunos de los campos filter, lo que podr\u00eda permitir a atacantes hacer que un usuario conectado que tenga acceso al panel de listas de tickets establezca un filtro arbitrario (almacenado en sus cookies) con una carga \u00fatil de tipo XSS en \u00e9l"}], "lastModified": "2024-11-21T05:53:56.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:supportcandy:supportcandy:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FA18C347-55CA-4C4E-B366-E636427A241D", "versionEndExcluding": "2.2.7"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}