CVE-2021-24426

The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
Configurations

Configuration 1 (hide)

cpe:2.3:a:web-dorado:backup-wd:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:53

Type Values Removed Values Added
References () https://m0ze.ru/vulnerability/%5B2021-05-23%5D-%5BWordPress%5D-%5BCWE-79%5D-Backup-by-10Web-WordPress-Plugin-v1.0.20.txt - () https://m0ze.ru/vulnerability/%5B2021-05-23%5D-%5BWordPress%5D-%5BCWE-79%5D-Backup-by-10Web-WordPress-Plugin-v1.0.20.txt -
References () https://wpscan.com/vulnerability/48464b3f-fe57-40fe-8868-398a36099fb9 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/48464b3f-fe57-40fe-8868-398a36099fb9 - Exploit, Third Party Advisory

14 Jul 2021, 13:30

Type Values Removed Values Added
CPE cpe:2.3:a:web-dorado:backup-wd:*:*:*:*:*:wordpress:*:*
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 4.8
References (MISC) https://m0ze.ru/vulnerability/[2021-05-23]-[WordPress]-[CWE-79]-Backup-by-10Web-WordPress-Plugin-v1.0.20.txt - Broken Link (MISC) https://m0ze.ru/vulnerability/[2021-05-23]-[WordPress]-[CWE-79]-Backup-by-10Web-WordPress-Plugin-v1.0.20.txt - Exploit, Third Party Advisory
References (CONFIRM) https://wpscan.com/vulnerability/48464b3f-fe57-40fe-8868-398a36099fb9 - (CONFIRM) https://wpscan.com/vulnerability/48464b3f-fe57-40fe-8868-398a36099fb9 - Exploit, Third Party Advisory

12 Jul 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-12 20:15

Updated : 2024-11-21 05:53


NVD link : CVE-2021-24426

Mitre link : CVE-2021-24426

CVE.ORG link : CVE-2021-24426


JSON object : View

Products Affected

web-dorado

  • backup-wd
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')