Lucene search
WPScanCVELIST:CVE-2021-24664HistoryNov 08, 2021 - 5:34 p.m.
CVE-2021-24664 WPSchoolPress < 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting
2021-11-0817:34:58
CWE-79
WPScan
www.cve.org
1
wpschoolpress
stored cross-site scripting
wordpress plugin
cve-2021-24664
sanitize_text_field
attributes
EPSS
0.001
Percentile
41.5%
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues.
CNA Affected
[
{
"product": "School Management System – WPSchoolPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.17",
"status": "affected",
"version": "2.1.17",
"versionType": "custom"
}
]
}
]Related
zdt
zdt
patchstack
patchstack
cnvd
cnvd
WordPress WPSchoolPress plugin cross-site scripting vulnerability
2021-11-10 00:00:00
exploitdb
exploitdb
packetstorm
packetstorm
WordPress WPSchoolPress 2.1.16 Cross Site Scripting
2021-11-15 00:00:00
prion
prion
Cross site scripting
2021-11-08 18:15:00
nvd
nvd
CVE-2021-24664
2021-11-08 18:15:08
cve
cve
CVE-2021-24664
2021-11-08 18:15:08