Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.9 views

CVE-2021-24828

The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.4CVSS6.2AI score0.00604EPSS
Exploits2References1
NVD
NVD
added 2022/01/03 1:15 p.m.21 views

CVE-2021-24828

The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.4CVSS0.00604EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/01/03 12:49 p.m.20 views

CVE-2021-24828 Mortgage Calculator / Loan Calculator < 1.5.17 - Contributor+ Stored Cross-Site Scripting

The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.6AI score0.00604EPSS
Exploits2References1
CVE
CVE
added 2022/01/03 12:49 p.m.116 views

CVE-2021-24828

Vulnerability summary (CVE-2021-24828) : The WordPress plugin “Mortgage Calculator / Loan Calculator” prior to version 1.5.17 does not escape certain attributes in the mlcalc shortcode output. This can enable Cross-Site Scripting (XSS) by users with as little as a Contributor role. The issue is t...

5.4CVSS5.3AI score0.00604EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder