| ID | CVE-2021-24471 | ||||||
| Sažetak | The YouTube Embed WordPress plugin before 5.2.2 does not validate, escape or sanitise some of its shortcode attributes, leading to Stored XSS issues by 1. using w, h, controls, cc_lang, color, language, start, stop, or style parameter of youtube shortcode, 2. by using style, class, rel, target, width, height, or alt parameter of youtube_thumb shortcode, or 3. by embedding a video whose title or description contains XSS payload (if API key is configured). | ||||||
| Reference | |||||||
| CVSS |
|
||||||
| Pristup |
|
||||||
| Impact |
|
||||||
| CVSS vektor | AV:N/AC:H/Au:S/C:N/I:P/A:N | ||||||
| Zadnje važnije ažuriranje | 23-08-2021 - 18:54 | ||||||
| Objavljeno | 16-08-2021 - 11:15 |
