CVE-2021-24176

JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

EPSS 2.0%CWE-79

Vexday Risk Score

18Bajo

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS —EPSS 2.0%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

05 abr 2021Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.

Productos afectados

Unknown · JH 404 Logger

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://ganofins.com/blog/my-first-cve-2021-24176/https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585