CVE-2021-24756

WP System Log < 1.0.21 - Unauthenticated Stored Cross-Site Scripting

EPSS 1.3%CWE-79

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 dez 2021Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs.

Produtos afetados

Unknown · WP System Log

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wpscan.com/vulnerability/0cea0717-8f54-4f1c-b3ee-aff7dd91bf59