diff --git a/2021/24xxx/CVE-2021-24834.json b/2021/24xxx/CVE-2021-24834.json index 5c63d3b9306..e6228063fbd 100644 --- a/2021/24xxx/CVE-2021-24834.json +++ b/2021/24xxx/CVE-2021-24834.json @@ -1,85 +1,85 @@ { - "CVE_data_meta": { - "ID": "CVE-2021-24834", - "ASSIGNER": "contact@wpscan.com", - "STATE": "PUBLIC", - "TITLE": "YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Options Module" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "generator": "WPScan CVE Generator", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Unknown", - "product": { - "product_data": [ - { - "product_name": "YOP Poll", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "6.3.1", - "version_value": "6.3.1" + "CVE_data_meta": { + "ID": "CVE-2021-24834", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Options Module" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "YOP Poll", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.3.1", + "version_value": "6.3.1" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of custom label parameters - vote button label , results link label and back to vote caption label." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "url": "https://wpscan.com/vulnerability/72f58b14-e5cb-4f1c-a16f-621238c6ebbf", - "name": "https://wpscan.com/vulnerability/72f58b14-e5cb-4f1c-a16f-621238c6ebbf" - }, - { - "refsource": "CONFIRM", - "url": "https://plugins.trac.wordpress.org/changeset/2605368", - "name": "https://plugins.trac.wordpress.org/changeset/2605368" - }, - { - "refsource": "MISC", - "url": "https://www.fortiguard.com/zeroday/FG-VD-21-053", - "name": "https://www.fortiguard.com/zeroday/FG-VD-21-053" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "value": "CWE-79 Cross-site Scripting (XSS)", - "lang": "eng" - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of custom label parameters - vote button label , results link label and back to vote caption label." + } ] - } - ] - }, - "credit": [ - { - "lang": "eng", - "value": "Vishnupriya Ilango" + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2605368", + "name": "https://plugins.trac.wordpress.org/changeset/2605368" + }, + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/72f58b14-e5cb-4f1c-a16f-621238c6ebbf", + "name": "https://wpscan.com/vulnerability/72f58b14-e5cb-4f1c-a16f-621238c6ebbf" + }, + { + "refsource": "MISC", + "url": "https://www.fortiguard.com/zeroday/FG-VD-21-053", + "name": "https://www.fortiguard.com/zeroday/FG-VD-21-053" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Vishnupriya Ilango" + } + ], + "source": { + "discovery": "EXTERNAL" } - ], - "source": { - "discovery": "EXTERNAL" - } } \ No newline at end of file