Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability by wpuslugi

CVE-2021-24277 (GCVE-0-2021-24277)

Vulnerability from cvelistv5 – Published: 2021-05-14 11:38 – Updated: 2024-08-03 19:28
VLAI
Title
RSS for Yandex Turbo < 1.30 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues
Severity
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
Flector RSS for Yandex Turbo Affected: 1.30 , < 1.30 (custom)
Create a notification for this product.
Credits
Himamshu Dilip Kulkarni
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:22.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/8ebf56be-46c0-4435-819f-dc30370eafa4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RSS for Yandex Turbo",
          "vendor": "Flector",
          "versions": [
            {
              "lessThan": "1.30",
              "status": "affected",
              "version": "1.30",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Himamshu Dilip Kulkarni"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its \u0421\u0447\u0435\u0442\u0447\u0438\u043a\u0438 settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-14T11:38:16.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/8ebf56be-46c0-4435-819f-dc30370eafa4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RSS for Yandex Turbo \u003c 1.30 - Authenticated Stored Cross-Site Scripting (XSS)",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24277",
          "STATE": "PUBLIC",
          "TITLE": "RSS for Yandex Turbo \u003c 1.30 - Authenticated Stored Cross-Site Scripting (XSS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RSS for Yandex Turbo",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.30",
                            "version_value": "1.30"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Flector"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Himamshu Dilip Kulkarni"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its \u0421\u0447\u0435\u0442\u0447\u0438\u043a\u0438 settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/8ebf56be-46c0-4435-819f-dc30370eafa4",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/8ebf56be-46c0-4435-819f-dc30370eafa4"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24277",
    "datePublished": "2021-05-14T11:38:16.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:28:22.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}