CVE-2021-24298
Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 3.5%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
24 May 2021Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS
Affected products
Igor Benic · Simple Giveaways – Grow your business, email lists and traffic with contestsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →