The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
References
Configurations
History
21 Nov 2024, 05:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://m0ze.ru/vulnerability/%5B2021-05-23%5D-%5BWordPress%5D-%5BCWE-79%5D-Backup-by-10Web-WordPress-Plugin-v1.0.20.txt - | |
References | () https://wpscan.com/vulnerability/48464b3f-fe57-40fe-8868-398a36099fb9 - Exploit, Third Party Advisory |
14 Jul 2021, 13:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:web-dorado:backup-wd:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 4.8 |
References | (MISC) https://m0ze.ru/vulnerability/[2021-05-23]-[WordPress]-[CWE-79]-Backup-by-10Web-WordPress-Plugin-v1.0.20.txt - Exploit, Third Party Advisory | |
References | (CONFIRM) https://wpscan.com/vulnerability/48464b3f-fe57-40fe-8868-398a36099fb9 - Exploit, Third Party Advisory |
12 Jul 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-12 20:15
Updated : 2024-11-21 05:53
NVD link : CVE-2021-24426
Mitre link : CVE-2021-24426
CVE.ORG link : CVE-2021-24426
JSON object : View
Products Affected
web-dorado
- backup-wd
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')