Search criteria
2 vulnerabilities found for Testimonial Rotator by Unknown
CVE-2021-24156 (GCVE-0-2021-24156)
Vulnerability from nvd – Published: 2021-04-05 18:27 – Updated: 2024-08-03 19:21
VLAI
Title
Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting
Summary
Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/8b6f4a77-4008-47… | x_refsource_CONFIRM |
| https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQ… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Testimonial Rotator |
Affected:
3.0.3 , ≤ 3.0.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8b6f4a77-4008-4730-9a91-fa055a8b3e68"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Testimonial Rotator",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "3.0.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-05T18:27:42.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/8b6f4a77-4008-4730-9a91-fa055a8b3e68"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Testimonial Rotator \u003c= 3.0.3 - Authenticated Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24156",
"STATE": "PUBLIC",
"TITLE": "Testimonial Rotator \u003c= 3.0.3 - Authenticated Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Testimonial Rotator",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.3",
"version_value": "3.0.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8b6f4a77-4008-4730-9a91-fa055a8b3e68",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/8b6f4a77-4008-4730-9a91-fa055a8b3e68"
},
{
"name": "https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA",
"refsource": "MISC",
"url": "https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24156",
"datePublished": "2021-04-05T18:27:42.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24156 (GCVE-0-2021-24156)
Vulnerability from cvelistv5 – Published: 2021-04-05 18:27 – Updated: 2024-08-03 19:21
VLAI
Title
Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting
Summary
Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/8b6f4a77-4008-47… | x_refsource_CONFIRM |
| https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQ… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Testimonial Rotator |
Affected:
3.0.3 , ≤ 3.0.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8b6f4a77-4008-4730-9a91-fa055a8b3e68"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Testimonial Rotator",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "3.0.3",
"status": "affected",
"version": "3.0.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-05T18:27:42.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/8b6f4a77-4008-4730-9a91-fa055a8b3e68"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Testimonial Rotator \u003c= 3.0.3 - Authenticated Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24156",
"STATE": "PUBLIC",
"TITLE": "Testimonial Rotator \u003c= 3.0.3 - Authenticated Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Testimonial Rotator",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.3",
"version_value": "3.0.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8b6f4a77-4008-4730-9a91-fa055a8b3e68",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/8b6f4a77-4008-4730-9a91-fa055a8b3e68"
},
{
"name": "https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA",
"refsource": "MISC",
"url": "https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24156",
"datePublished": "2021-04-05T18:27:42.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}