Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-24298Cross-site Scripting in Simple Giveaways

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
13.9%
top 5.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Ibenic Simple Giveaways
Timeline
PublishedMay 24
Latest updateMay 24

Description

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-jw46-grq7-cw4w: The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading2022-05-24
CVEList
Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)2021-05-24

💥Exploits & PoCs

1
Nuclei
WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting
CVE-2021-24298 — Cross-site Scripting | cvebase