Lucene search

K
cve[email protected]CVE-2021-39329
HistoryOct 19, 2021 - 3:15 p.m.

CVE-2021-39329

2021-10-1915:15:07
CWE-79
web.nvd.nist.gov
18
cve-2021-39329
jobboardwp
wordpress plugin
stored xss
input validation
sanitization
administrative user access
nvd

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

26.9%

The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

Affected configurations

Vulners
NVD
Node
jobboardwpjobboardwpRange1.0.71.0.7

CNA Affected

[
  {
    "product": "JobBoardWP",
    "vendor": "JobBoardWP",
    "versions": [
      {
        "lessThanOrEqual": "1.0.7",
        "status": "affected",
        "version": "1.0.7",
        "versionType": "custom"
      }
    ]
  }
]

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

26.9%

Related for CVE-2021-39329