CVE-2021-24976

{"id": "CVE-2021-24976", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-01-24T08:15:09.043", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/2637305", "tags": ["Patch", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting"}, {"lang": "es", "value": "El plugin Smart SEO Tool de WordPress versiones anteriores a 3.0.6, no sanea y escapa del par\u00e1metro search antes de devolverlo en un atributo cuando la configuraci\u00f3n de optimizaci\u00f3n TDK est\u00e1 habilitada, conllevando a un ataque de tipo Cross-Site Scripting Reflejado"}], "lastModified": "2022-01-28T03:23:48.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wbolt:smart_seo_tool:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "09590A89-293B-434D-A106-2DE0A565C304", "versionEndExcluding": "3.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}