CVE-2021-24383

Published: Jun 21, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue

Affected (1)

Products: Codecabin: Wp Go Maps

Codecabin

1 product

Wp Go Maps

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Codecabin Wp Go Maps	Before 8.1.12

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://packetstormsecurity.com/files/163261/WordPress-WP-Google-Maps-8.1.11-Cross-Site-Scripting.html

Source: contact@wpscan.com

ExploitThird Party AdvisoryVDB Entry

https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954

Source: contact@wpscan.com

ExploitThird Party Advisory

http://packetstormsecurity.com/files/163261/WordPress-WP-Google-Maps-8.1.11-Cross-Site-Scripting.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.