Lucene search
K

4 matches found

Circl
Circl
added 2024/01/23 9:16 p.m.7 views

CVE-2021-24559

creationtimestamp| type| source ---|---|--- 2024-01-23 21:16:32+00:00| seen| https://t.me/ctinow/172300 2024-02-06 14:46:25+00:00| seen| https://t.me/ctinow/180022...

5.4CVSS5.5AI score0.00218EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/01/16 3:48 p.m.1 views

CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

5.4AI score0.00218EPSS
Exploits2References1
CVE
CVE
added 2024/01/16 3:48 p.m.38 views

CVE-2021-24559

The CVE concerns the Qyrr WordPress plugin prior to version 0.7. The vulnerability stems from two issues: (1) the plugin does not escape the data-uri of the QR Code when outputting it in a src attribute, enabling Cross-Site Scripting, and (2) the data_uri_to_meta AJAX action lacks robust CSRF pro...

5.4CVSS5.4AI score0.00218EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/01/16 3:48 p.m.33 views

CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

5.7AI score0.00218EPSS
Exploits2References1
Rows per page
Query Builder