5 matches found
WordPress JH 404 Logger <=1.1 - Cross-Site Scripting
WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code. id: CVE-2021-24176 info: name: WordPress JH 40...
CVE-2021-24176
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard...
CVE-2021-24176
creationtimestamp| type| source ---|---|--- 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24176.yaml...
CVE-2021-24176
Summary: CVE-2021-24176 affects the WordPress JH 404 Logger plugin up to version 1.1. The root cause is that the referer and the path of 404 pages are not sanitized when echoed in the WordPress dashboard, enabling arbitrary JavaScript execution in the dashboard context. Impact: cross-site scripti...
CVE-2021-24176 JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard...