Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/05/22 7:23 p.m.10 views

CVE-2021-24740

The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.9AI score0.00622EPSS
Exploits2References1
nvd
nvd
added 2021/10/18 2:15 p.m.15 views

CVE-2021-24740

The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00622EPSS
Exploits2References1
osv
osv
added 2021/10/18 2:15 p.m.26 views

CVE-2021-24740

The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.9AI score0.00622EPSS
Exploits2References1
cve
cve
added 2021/10/18 1:46 p.m.53 views

CVE-2021-24740

The CVE-2021-24740 entry concerns the Tutor LMS WordPress plugin, affected versions prior to 1.9.9. The vulnerability is a stored Cross-Site Scripting (XSS) flaw where certain settings are output in HTML attributes without proper escaping, enabling high-privilege users to trigger XSS potentially ...

4.8CVSS4.7AI score0.00622EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2021/10/18 1:46 p.m.20 views

CVE-2021-24740 Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting

The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5AI score0.00622EPSS
Exploits2References1
Rows per page
Query Builder