Source |
CVE Liste |
Identifiant |
3628932 |
Date de publication |
2021-11-08 18:15:09 (vue: 2021-11-08 20:05:55) |
Titre |
CVE-2021-24697 |
Texte |
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues |
Envoyé |
Oui |
Condensat |
2021 24697 active attributes back before cross cve date date/sdm does download end escape get issues leading monitor not outputting parameter parameters plugin post reflected scripting sdm simple site start stats tab them wordpress |
Tags |
Guideline
|
Stories |
|
Notes |
|
Move |
|