CVE-2021-24409: Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS)
First published: Mon Jul 12 2021(Updated: )
The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Plugin-planet Prismatic | <2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-24409.
What is the severity of CVE-2021-24409?
CVE-2021-24409 has a severity value of 6.1 (medium).
What software is affected by CVE-2021-24409?
The Prismatic WordPress plugin versions up to and excluding 2.8 are affected by CVE-2021-24409.
What is the impact of CVE-2021-24409?
CVE-2021-24409 can lead to a reflected Cross-Site Scripting (XSS) issue executed in the context of a logged-in administrator.
Is there a fix available for CVE-2021-24409?
To mitigate CVE-2021-24409, it is recommended to update the Prismatic WordPress plugin to version 2.8 or higher.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/weakness
- agent/author
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/plugin-planet
- canonical/plugin-planet prismatic