WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.
References
| Link | Resource |
|---|---|
| https://www.compass-security.com/en/research/advisories/ | Third Party Advisory |
| https://www.compass-security.com/fileadmin/Research/Advisories/2021-18_CSNC-2021-018-WPMailster_XSS_CSRF.txt | Exploit Third Party Advisory |
Configurations
History
26 Oct 2021, 02:06
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
| References | (MISC) https://www.compass-security.com/fileadmin/Research/Advisories/2021-18_CSNC-2021-018-WPMailster_XSS_CSRF.txt - Exploit, Third Party Advisory | |
| References | (MISC) https://www.compass-security.com/en/research/advisories/ - Third Party Advisory | |
| CWE | CWE-79 | |
| CPE | cpe:2.3:a:wpmailster:wp_mailster:1.6.18:*:*:*:*:wordpress:*:* |
21 Oct 2021, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-10-21 16:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-28975
Mitre link : CVE-2021-28975
CVE.ORG link : CVE-2021-28975
JSON object : View
Products Affected
wpmailster
- wp_mailster
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')