CVE-2021-24588
Published 2021-09-06
CVE-2021-24588: The SMS Alert Order Notifications WordPress plugin before 3.4.7 is affected by a cross site scripting (XSS) vulnerability in the plugin's setting page.
Priority: P423 · medium · 6.1 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.83% (52.9th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cozyvision | sms_alert_order_notifications | < 3.4.7 | 3.4.7 |
CVSS provenance
nvd · v3.1 · 6.1 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_cisco · 3.1
GHSA
GHSA-22px-9px7-pc64: The SMS Alert Order Notifications WordPress plugin before 3
ghsa_unreviewed·2022-05-24
CVE-2021-24588 [MEDIUM] CWE-79 GHSA-22px-9px7-pc64: The SMS Alert Order Notifications WordPress plugin before 3
Kernel
Merge tag 'wireless-drivers-next-2021-10-29' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
kernel_security·2021-10-29·CVSS 3.5
CVE-2020-24588 [LOW] Merge tag 'wireless-drivers-next-2021-10-29' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
Kalle Valo says:
wireless-drivers-next patches for v5.16
Fourth set of patches for v5.16. Mostly fixes this time, wcn36xx and
iwlwifi have some new features but nothing really out of ordinary.
We have one conflict with kspp tree.
Major changes:
ath11k
* fix QCA6390 A-MSDU handling (CVE-2020-24588)
wcn36xx
* enable hardware scan offload for 5Ghz band
* add missing 5GHz channels 136 and 144
iwlwifi
* support a new ACPI table revision
* improvements in the device selection code
* new hardware support
* support for WiFi 6E enablement via BIOS
* support firmware API version 67
* support for 160MHz in ranging measurements
Link: https://lore.kernel.org/r/2021102913470
Kernel
Merge tag 'wireless-drivers-2021-06-03' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
kernel_security·2021-06-03·CVSS 3.5
CVE-2020-24588 [LOW] Merge tag 'wireless-drivers-2021-06-03' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
Kalle Valo says:
wireless-drivers fixes for v5.13
We have only mt76 fixes this time, most important being the fix for
A-MSDU injection attacks.
mt76
* mitigate A-MSDU injection attacks (CVE-2020-24588)
* fix possible array out of bound access in mt7921_mcu_tx_rate_report
* various aggregation and HE setting fixes
* suspend/resume fix for pci devices
* mt7615: fix crash when runtime-pm is not supported
Signed-off-by: David S. Miller
Cisco
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
vendor_cisco·CVSS 3.1
CVE-2020-24588 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
On May 11, 2021, the research paper Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation was made public. This paper discusses 12 vulnerabilities in the 802.11 standard. One vulnerability is in the frame aggregation functionality, two vulnerabilities are in the frame fragmentation functionality, and the other nine are implementation vulnerabilities. These vulnerabilities could allow an attacker to forge encrypted frames, which could in turn enable the exfiltration of sensitive data from a targeted device. This advisory will be updated as additional information becomes available. This advisory is available at the