CVE-2021-24738

Published: Dic 21, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-11650 Aliases: GSD-2021-24738

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,4

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

LOW 3,5

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: single

Confidentiality: none

Integrity: partial

Availability: none

Description

AI Translation Available

The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the 'Logo Margin' carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0018

Percentile

0,4th

Updated

EPSS Score Trend (Last 91 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

Application

Logo Carousel by Shapedplugin

Product Information

Vendor Shapedplugin

Product Logo Carousel

Version Range Affected

To 3.4.2 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:shapedplugin:logo_carousel:*:*:*:*:*:wordpress:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://wpscan.com/vulnerability/2c3d8c21-ecd4-41ba-8183-2e…

Exploit Third Party Advisory

https://wpscan.com/vulnerability/2c3d8c21-ecd4-41ba-8183-2ecbd9a3df25

https://wpscan.com/vulnerability/2c3d8c21-ecd4-41ba-8183-2e…

Exploit Third Party Advisory

https://wpscan.com/vulnerability/2c3d8c21-ecd4-41ba-8183-2ecbd9a3df25

CVE-2021-24738

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 91 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Consequences

Applicable Platforms

Logo Carousel by Shapedplugin

Product Information

Iscriviti alla newsletter