Lucene search
SunCSR (Sun Cyber Security Research)WPEX-ID:11DC3325-E696-4C9E-BA10-968416D5C864HistoryMay 16, 2020 - 12:00 a.m.
Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
2020-05-1600:00:00
SunCSR (Sun Cyber Security Research)
333
0.001 Low
EPSS
Percentile
24.8%
Cross-site scripting vulnerabilities in Team Members version 5.0.3 and lower allow medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the ‘Description/biography’ of a member.
https://drive.google.com/file/d/1w5AmyBEOxAmtQ0T3uGKAB3o9w3ihNRAj/view
Add a user to a team, then use <img src=x onerror=alert(/XSS/)> in the 'Description/biography' field.Related
wpvulndb
wpvulndb
Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
2020-05-16 00:00:00
nvd
nvd
CVE-2021-24128
2021-03-18 15:15:14
patchstack
patchstack
prion
prion
Cross site scripting
2021-03-18 15:15:00
cvelist
cvelist
cve
cve
CVE-2021-24128
2021-03-18 15:15:14