CVE-2021-46781 Coming Soon by Supsystic < 1.7.6 - Reflected Cross-Site Scripting

2022-04-2515:50:50

CWE-79

WPScan

www.cve.org

coming soon plugin

cve-2021-46781

reflected cross-site scripting

EPSS

0.001

Percentile

40.2%

JSON

The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting

CNA Affected

[
  {
    "product": "Coming Soon by Supsystic",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.7.6",
        "status": "affected",
        "version": "1.7.6",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/49589867-f764-4c4a-b640-84973c673b23

EPSS

0.001

Percentile

40.2%

JSON

Related for CVELIST:CVE-2021-46781