CVE-2021-24884

{"id": "CVE-2021-24884", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2021-10-25T14:15:10.867", "references": [{"url": "https://github.com/S1lkys/XSS-in-Formidable-4.09.04/blob/main/XSS-in-Formidable-4.09.04.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://github.com/Strategy11/formidable-forms/pull/335/files", "tags": ["Patch", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/b57dacdd-43c2-48f8-ac1e-eb8306b22533", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://github.com/S1lkys/XSS-in-Formidable-4.09.04/blob/main/XSS-in-Formidable-4.09.04.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Strategy11/formidable-forms/pull/335/files", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wpscan.com/vulnerability/b57dacdd-43c2-48f8-ac1e-eb8306b22533", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the \"data-frmverify\" tag for links in the web-based entry inspection page of affected systems. A successful exploitation incomibantion with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the users account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit Wordpress PHP Code in any kind, clicks the malicious link, PHP code can be edited."}, {"lang": "es", "value": "El plugin Formidable Form Builder de WordPress versiones anteriores a 4.09.05, permite inyectar determinadas etiquetas HTML como ,,,<a rel=\"nofollow\"> y.Esto podr\u00eda permitir a un atacante remoto no autenticado explotar una inyecci\u00f3n HTML al inyectar un enlace malicioso. La inyecci\u00f3n HTML puede enga\u00f1ar a usuarios autenticados para que sigan el enlace. Si se hace clic en el Enlace, es posible ejecutar c\u00f3digo Javascript. La vulnerabilidad es debido a un saneamiento insuficiente de la etiqueta \"data-frmverify\" para los enlaces en la p\u00e1gina de inspecci\u00f3n de entrada de los sistemas afectados. Una explotaci\u00f3n con \u00e9xito en combinaci\u00f3n con CSRF podr\u00eda permitir al atacante llevar a cabo acciones arbitrarias en un sistema afectado con los privilegios del usuario. Estas acciones incluyen el robo de la cuenta del usuario al cambiar su contrase\u00f1a o permitir a atacantes enviar su propio c\u00f3digo mediante un usuario autenticado, resultando en una ejecuci\u00f3n de c\u00f3digo remota. Si un usuario autenticado que es capaz de editar el c\u00f3digo PHP de Wordpress en cualquier tipo, hace clic en el enlace malicioso, el c\u00f3digo PHP puede ser editado</a>"}], "lastModified": "2024-11-21T05:53:56.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:strategy11:formidable_form_builder:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F5D020F6-F06B-4437-8BBF-CCF40D95AC45", "versionEndExcluding": "4.09.05"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}