Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24283
HistoryMay 14, 2021 - 11:38 a.m.

CVE-2021-24283 Accordion < 2.2.30 - Authenticated Reflected Cross-Site Scripting (XSS)

2021-05-1411:38:17
CWE-79
WPScan
www.cve.org

0.001 Low

EPSS

Percentile

24.8%

The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.

CNA Affected

[
  {
    "product": "Accordion",
    "vendor": "PickPlugins",
    "versions": [
      {
        "lessThan": "2.2.30",
        "status": "affected",
        "version": "2.2.30",
        "versionType": "custom"
      }
    ]
  }
]

0.001 Low

EPSS

Percentile

24.8%