CVE-2021-24837

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 60.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Passster Passster Project Passter

Timeline

PublishedJan 23

Description

The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/passster< 3.5.5.8

▶NVDpassster_project/passter< 3.5.5.8

🔴Vulnerability Details

CVEList

Passster < 3.5.5.8 - Contributor+ Stored Cross-Site Scripting↗2023-01-23

▶

GHSA

GHSA-mj4m-mqjg-cm54: The Passster WordPress plugin before 3↗2023-01-23

▶