cbcvebase.
CVE-2021-41951
published 2021-11-15


Priority: P180 (medium)
CVSS 3.1 base score: 6.1 (AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N)
Exploitation: ITW exploit; VulnCheck KEV; exploited in the wild
EPSS: 77.89% (99.5th percentile)
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser.

Affected (2 ranges)

Vendor    Product        Version range   Fixed in
montala   resourcespace  < 9.6           9.6
montala   resourcespace

Detection & IOCs (extracted from sources)

path: /plugins/wordpress_sso/pages/index.php
url: {{BaseURL}}/plugins/wordpress_sso/pages/index.php?wordpress_user=%3Cscript%3Ealert(1)%3C/script%3E
sigma: method: GET; path contains: /plugins/wordpress_sso/pages/index.php; query contains: wordpress_user=
  • Detect reflected XSS exploitation attempts by monitoring GET requests to /plugins/wordpress_sso/pages/index.php with URL-encoded script tags in the wordpress_user parameter (e.g., %3Cscript%3E)
  • HTTP response body containing 'TESTalert(1)' (or unencoded script tag payloads) with Content-Type text/html and HTTP 200 status indicates successful XSS reflection in ResourceSpace
  • Vulnerable parameter is wordpress_user in the WordPress SSO plugin page; any unsanitized value is reflected directly into the HTML response
  • Vulnerability only exists in ResourceSpace versions before 9.6 rev 18290; instances at or above this revision are not affected
  • The vulnerable code path is only reachable if the wordpress_sso plugin is installed and enabled; installations without this plugin are not exposed
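Applying the detection rule above to web-server access logs, as an added example that is not part of this record or of ResourceSpace: the log lines, IP addresses and the classify/scan helpers are constructed for illustration, and the decode loop also catches the double-encoded form of the payload, which the rule's literal %3Cscript%3E match would miss.

```python
# Added example (not from the CVE record or ResourceSpace): apply the page's
# detection rule to access log lines. Log lines and IPs are constructed.
import re
from urllib.parse import urlsplit, parse_qs, unquote

VULN_PATH = "/plugins/wordpress_sso/pages/index.php"
SCRIPT_TAG = re.compile(r"<\s*script", re.IGNORECASE)

# Constructed sample lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [15/Nov/2021:10:00:01 +0000] "GET /plugins/wordpress_sso/pages/index.php?wordpress_user=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120
203.0.113.6 - - [15/Nov/2021:10:00:02 +0000] "GET /plugins/wordpress_sso/pages/index.php?wordpress_user=alice HTTP/1.1" 200 4980
203.0.113.7 - - [15/Nov/2021:10:00:03 +0000] "GET /pages/search.php?search=%3Cscript%3E HTTP/1.1" 200 7000
203.0.113.8 - - [15/Nov/2021:10:00:04 +0000] "GET /plugins/wordpress_sso/pages/index.php?wordpress_user=%253Cscript%253E HTTP/1.1" 200 5000
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \d+')

def classify(line):
    """Return (severity, reason) for a line matching the rule, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "GET":          # rule: method GET only
        return None
    parts = urlsplit(m["target"])
    if VULN_PATH not in parts.path:             # rule: path contains vulnerable page
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "wordpress_user" not in params:          # rule: query contains wordpress_user=
        return None
    # parse_qs decodes once; decode a bounded number of extra times so
    # double-encoded payloads (%253C...) are normalised before inspection.
    for value in params["wordpress_user"]:
        decoded = value
        for _ in range(3):
            nxt = unquote(decoded)
            if nxt == decoded:
                break
            decoded = nxt
        if SCRIPT_TAG.search(decoded):
            # A 200 response means the page reflected the value (see rule above).
            sev = "high" if m["status"] == "200" else "medium"
            return (sev, f"script tag in wordpress_user from {m['ip']}")
    return ("info", f"wordpress_user access from {m['ip']}")

def scan(log_text):
    # Apply classify to every line; returns [(line_no, severity, reason), ...].
    results = [(n, classify(l)) for n, l in enumerate(log_text.splitlines(), 1)]
    return [(n, r[0], r[1]) for n, r in results if r]
```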

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     6.1    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd        v2.0     4.3    MEDIUM    AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck           6.1    MEDIUM