Lucene search
WPScanCVELIST:CVE-2021-24323HistoryMay 17, 2021 - 4:48 p.m.
CVE-2021-24323 Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
2021-05-1716:48:53
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
24.8%
When taxes are enabled, the “Additional tax classes” field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled
CNA Affected
[
{
"product": "WooCommerce",
"vendor": "Automattic",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "5.2.0",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
2021-04-21 00:00:00
wpexploit
wpexploit
Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
2021-04-21 00:00:00
osv
osv
CVE-2021-24323
2021-05-17 17:15:08
github
github
nvd
nvd
CVE-2021-24323
2021-05-17 17:15:08
cve
cve
CVE-2021-24323
2021-05-17 17:15:08
prion
prion
Cross site scripting
2021-05-17 17:15:00