CVE-2021-24246 WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS

2021-05-0518:39:43

CWE-79

WPScan

www.cve.org

0.001 Low

EPSS

Percentile

24.9%

JSON

The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues

CNA Affected

[
  {
    "product": "Workscout Core",
    "vendor": "PureThemes",
    "versions": [
      {
        "lessThan": "1.3.4",
        "status": "affected",
        "version": "1.3.4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WorkScout",
    "vendor": "PureThemes",
    "versions": [
      {
        "lessThan": "2.0.33",
        "status": "affected",
        "version": "2.0.33",
        "versionType": "custom"
      }
    ]
  }
]