admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/24xxx/CVE-2021-24487.json
erwanlr 971b992528 Updates CWE as per audit
2022-07-29 11:17:48 +02:00

84 lines
2.1 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ID": "CVE-2021-24487",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "St-Daily-Tip",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.7",
"version_value": "4.7"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it the page. This could allow attacker to make logged in administrators set a malicious payload in it, leading to a Stored Cross-Site Scripting issue"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/def352f8-1bbe-4263-ad1a-1486140269f4",
"name": "https://wpscan.com/vulnerability/def352f8-1bbe-4263-ad1a-1486140269f4"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "eng"
}
]
},
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Akash Rajendra Patil"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
Reference in New Issue View Git Blame Copy Permalink