CVE-2021-24467
Leaflet Map < 3.0.0 - Arbitrary Settings Update via CSRF Leading to Stored XSS
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
09 ago 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the JavaScript library being used, or using malicious attributions which will be executed in all page with an embed map from the plugin
Productos afectados
Unknown · Leaflet Map¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →