CVE-2021-24298 Vulnerability Details

  /     /     /  

CVE-2021-24298 Metadata Quick Info

CVE Published: 24/05/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: WPScan | Vendor: Igor Benic | Product: Simple Giveaways – Grow your business, email lists and traffic with contests
Status : PUBLISHED

CVE-2021-24298 Description

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Cross-site Scripting (XSS)
Source: Igor Benic

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: