CVE-2021-24538

{"id": "CVE-2021-24538", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-08-16T11:15:09.107", "references": [{"url": "https://wpscan.com/vulnerability/f9911a43-0f4c-403f-9fca-7822eb693317", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/f9911a43-0f4c-403f-9fca-7822eb693317", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue."}, {"lang": "es", "value": "El plugin de WordPress Current Book versiones hasta 1.0.1, no sanea la entrada del usuario cuando un usuario autenticado a\u00f1ade el autor o el t\u00edtulo del libro, y luego no escapa de estos valores cuando se env\u00edan al navegador, conllevando a un problema de tipo XSS Almacenado Autenticado."}], "lastModified": "2024-11-21T05:53:15.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:current_book_project:current_book:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C289C5BF-E8E0-4F76-889A-253E223F02E0", "versionEndIncluding": "1.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}