cvelist | WPScan | CVELIST:CVE-2021-24538
History: Aug 16, 2021 - 10:48 a.m.

CVE-2021-24538 Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)

2021-08-16 10:48:31
CWE-79
WPScan
www.cve.org
3
cve-2021-24538
current book
wordpress
authenticated stored xss

EPSS: 0.001

Percentile: 24.8%

The Current Book WordPress plugin through 1.0.1 does not sanitize user input when an authenticated user adds an Author or Book Title, and does not escape these values when outputting them to the browser, leading to an authenticated stored Cross-Site Scripting (XSS) issue.

CNA Affected

[
  {
    "product": "Current Book",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.0.1",
        "status": "affected",
        "version": "1.0.1",
        "versionType": "custom"
      }
    ]
  }
]
