Vulnerability Description
Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nendeb | Fudousan Plugin | <= 5.7.0 |
| Nendeb | Fudousan Plugin Pro Multi-User | <= 5.7.0 |
| Nendeb | Fudousan Plugin Pro Single-User | <= 5.7.0 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN93799513/index.htmlThird Party Advisory
- https://nendeb.jp/fudouProductThird Party Advisory
- https://www.nendeb-biz.jp/2021-0617-1200/PatchThird Party Advisory
- https://jvn.jp/en/jp/JVN93799513/index.htmlThird Party Advisory
- https://nendeb.jp/fudouProductThird Party Advisory
- https://www.nendeb-biz.jp/2021-0617-1200/PatchThird Party Advisory
FAQ
What is CVE-2021-20749?
CVE-2021-20749 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allo...
How severe is CVE-2021-20749?
CVE-2021-20749 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20749?
Check the references section above for vendor advisories and patch information. Affected products include: Nendeb Fudousan Plugin, Nendeb Fudousan Plugin Pro Multi-User, Nendeb Fudousan Plugin Pro Single-User.