Search criteria
1 vulnerability by drawblog_project
CVE-2021-24479 (GCVE-0-2021-24479)
Vulnerability from cvelistv5 – Published: 2021-08-02 10:32 – Updated: 2024-08-03 19:35
VLAI?
Title
DrawBlog <= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:19.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DrawBlog",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "0.90",
"status": "affected",
"version": "0.90",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ABISHEIK M"
}
],
"descriptions": [
{
"lang": "en",
"value": "The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:32:19.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DrawBlog \u003c= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24479",
"STATE": "PUBLIC",
"TITLE": "DrawBlog \u003c= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DrawBlog",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0.90",
"version_value": "0.90"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ABISHEIK M"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24479",
"datePublished": "2021-08-02T10:32:19.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:19.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}