CVE-2021-24239
Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS)
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS —EPSS 1.6%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
22 abr 2021Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin before 3.7.0.1 does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue.
Productos afectados
Unknown · Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →