CVE-2021-24516 — MEDIUM (4.8)

Q: How severe is CVE-2021-24516?

CVE-2021-24516 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-24516?

Check the references section above for vendor advisories and patch information. Affected products include: Planso Planso Forms.

Vulnerability Description

The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Planso	Planso Forms	<= 2.6.3

Related Weaknesses (CWE)

CWE-79

References

https://wpscan.com/vulnerability/88d70e35-4c22-4bc7-b1a5-24068d55257cExploitThird Party Advisory
https://wpscan.com/vulnerability/88d70e35-4c22-4bc7-b1a5-24068d55257cExploitThird Party Advisory

FAQ

What is CVE-2021-24516?

CVE-2021-24516 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even whe...

How severe is CVE-2021-24516?

CVE-2021-24516 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24516?

Check the references section above for vendor advisories and patch information. Affected products include: Planso Planso Forms.