CVE-2021-24177

Sažetak

In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response.

Reference

https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i/
https://plugins.trac.wordpress.org/changeset/2476829/
https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8
https://n4nj0.github.io/advisories/wordpress-plugin-wp-file-manager-i/
https://plugins.trac.wordpress.org/changeset/2476829/
https://wpscan.com/vulnerability/1cf3d256-cf4b-4d1f-9ed8-e2cc6392d8d8

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

24-03-2025 - 14:32

Objavljeno

05-04-2021 - 19:15