CVE-2021-24738

🗓️ 21 Dec 2021 08:45:26Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 44 Views🌐 WEB

The Logo Carousel WordPress plugin before 3.4.2 allows stored XSS via the "Logo Margin" option

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-24738	21 Dec 202112:23	–	circl
CNNVD	WordPress 插件跨站脚本漏洞	21 Dec 202100:00	–	cnnvd
CNVD	WordPress Logo Carousel plugin cross-site scripting vulnerability	26 Dec 202100:00	–	cnvd
Cvelist	CVE-2021-24738 Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting	21 Dec 202108:45	–	cvelist
EUVD	EUVD-2021-11650	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24738	21 Dec 202109:15	–	nvd
Patchstack	WordPress Logo Carousel plugin <= 3.4.1 - Stored Cross-Site Scripting (XSS) vulnerability	22 Nov 202100:00	–	patchstack
Prion	Cross site scripting	21 Dec 202109:15	–	prion
RedhatCVE	CVE-2021-24738	22 May 202519:23	–	redhatcve
wpexploit	Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting	22 Nov 202100:00	–	wpexploit

NVD

Vulners

Node

shapedplugin logo_carouselRange<3.4.2wordpress

[
  {
    "product": "Logo Carousel – Logo Slider, Logo Showcase, and Clients Logo Gallery",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.4.2",
        "status": "affected",
        "version": "3.4.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/2c3d8c21-ecd4-41ba-8183-2ecbd9a3df25

Parameter	Position	Path	Description	CWE
Logo Margin	request body	/wp-admin/post-new.php?post_type=sp_lc_shortcodes	Stored XSS via unsanitized Logo Margin input in Style Setting when creating a new Logo Carousel shortcode	CWE-79
style	request body	/wp-admin/post-new.php?post_type=sp_lc_shortcodes	Stored XSS via unsanitized Logo Margin input in Style Setting when creating a new Logo Carousel shortcode	CWE-79

21 Nov 2024 05:53Current

5.2Medium risk

Vulners AI Score5.2

CVSS 23.5

CVSS 3.15.4

EPSS0.0018

CWE-79