Search criteria
1 vulnerability by steam_group_viewer_project
CVE-2021-24476 (GCVE-0-2021-24476)
Vulnerability from cvelistv5 ā Published: 2021-08-02 10:32 ā Updated: 2024-08-03 19:35
VLAI?
Title
Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Steam Group Viewer |
Affected:
2.1 , ā¤ 2.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:19.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d1885641-9547-4dd5-84be-ba4a160ee1f5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Steam Group Viewer",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "kishore hariram"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its \"Steam Group Address\" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:32:16.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d1885641-9547-4dd5-84be-ba4a160ee1f5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Steam Group Viewer \u003c= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24476",
"STATE": "PUBLIC",
"TITLE": "Steam Group Viewer \u003c= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Steam Group Viewer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.1",
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "kishore hariram"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its \"Steam Group Address\" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/d1885641-9547-4dd5-84be-ba4a160ee1f5",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d1885641-9547-4dd5-84be-ba4a160ee1f5"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24476",
"datePublished": "2021-08-02T10:32:16.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:19.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}