Search criteria
1 vulnerability by Libin V Babu
CVE-2021-24658 (GCVE-0-2021-24658)
Vulnerability from cvelistv5 – Published: 2021-08-23 11:10 – Updated: 2024-08-03 19:35
Title
Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfiltered_html capability is disabled).
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8 | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2507516 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Libin V Babu | Erident Custom Login and Dashboard | Affected: 3.5.9 , < 3.5.9 (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2507516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Erident Custom Login and Dashboard",
"vendor": "Libin V Babu",
"versions": [
{
"lessThan": "3.5.9",
"status": "affected",
"version": "3.5.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Calver (Bulletproof Cyber)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T11:10:20.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2507516"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Erident Custom Login and Dashboard \u003c 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24658",
"STATE": "PUBLIC",
"TITLE": "Erident Custom Login and Dashboard \u003c 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Erident Custom Login and Dashboard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.5.9",
"version_value": "3.5.9"
}
]
}
}
]
},
"vendor_name": "Libin V Babu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "James Calver (Bulletproof Cyber)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2507516",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2507516"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24658",
"datePublished": "2021-08-23T11:10:20.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}