Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24323
HistoryMay 17, 2021 - 4:48 p.m.

CVE-2021-24323 Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)

2021-05-1716:48:53
CWE-79
WPScan
www.cve.org

0.001 Low

EPSS

Percentile

24.8%

When taxes are enabled, the “Additional tax classes” field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled

CNA Affected

[
  {
    "product": "WooCommerce",
    "vendor": "Automattic",
    "versions": [
      {
        "lessThan": "5.2.0",
        "status": "affected",
        "version": "5.2.0",
        "versionType": "custom"
      }
    ]
  }
]

0.001 Low

EPSS

Percentile

24.8%

Related for CVELIST:CVE-2021-24323