René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00


{
"id": "CVE-2021-24516",
"sourceIdentifier": "contact@wpscan.com",
"published": "2021-10-18T14:15:09.080",
"lastModified": "2021-10-21T19:24:16.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high-privilege users such as admins to set an XSS payload in it even when the unfiltered_html capability is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue."
},
{
"lang": "es",
"value": "El plugin PlanSo Forms de WordPress versiones hasta 2.6.3 no escapa el t\u00edtulo de su Formulario antes de mostrarlo en los atributos, permitiendo a usuarios con privilegios elevados, como los administradores, establecer cargas \u00fatiles de tipo XSS en \u00e9l, incluso cuando no es permitido el uso de unfiltered_html, conllevando a un problema de tipo Cross-Site Scripting Almacenado y Autenticado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.5
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:planso:planso_forms:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.6.3",
"matchCriteriaId": "1BCCDC7A-CA17-401E-8050-6E50973A97C8"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/88d70e35-4c22-4bc7-b1a5-24068d55257c",
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}