CVE-2021-4227 Vulnerability Details

  /     /     /  

CVE-2021-4227 Metadata Quick Info

CVE Published: 16/01/2024 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: WPScan | Vendor: Unknown | Product: ark-commenteditor
Status : PUBLISHED

---

CVE-2021-4227 Description

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).