fkie_cve-2021-24443
Vulnerability from fkie_nvd
Published
2021-08-02 11:15
Modified
2024-11-21 05:53
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example.
References
contact@wpscan.comhttps://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34Exploit, Third Party Advisory
Impacted products
Vendor Product Version
kainelabs youzify *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kainelabs:youzify:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "C214289F-A92D-4976-B7FD-3B4D2E94FC72",
              "versionEndExcluding": "1.0.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The About Me widget of the Youzify \u2013 BuddyPress Community, User Profile, Social Network \u0026 Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authenticated user to set Cross-Site Scripting payloads in it, which will be executed when viewing the affected user profile. This could allow a low privilege user to gain unauthorised access to the admin side of the blog by targeting an admin, inducing them to view their profile with a malicious payload adding a rogue account for example."
    },
    {
      "lang": "es",
      "value": "Los plugins About Me widget of the Youzify \u00e2\u20ac\u201c BuddyPress Community, User Profile, Social Network \u0026amp; Membership de Wordpress versiones anteriores a 1.0.7, no sanea apropiadamente su campo Biography, permitiendo a cualquier usuario autenticado ajustar cargas \u00fatiles de tipo Cross-Site Scripting en \u00e9l, que se ejecutar\u00e1n cuando se visualice el perfil del usuario afectado. Esto podr\u00eda permitir a un usuario con pocos privilegios obtener acceso no autorizado a la parte de administraci\u00f3n del blog apuntando a un administrador, induci\u00e9ndole a ver su perfil con una carga \u00fatil maliciosa a\u00f1adiendo una cuenta falsa, por ejemplo"
    }
  ],
  "id": "CVE-2021-24443",
  "lastModified": "2024-11-21T05:53:05.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-02T11:15:08.960",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/a4432acd-df49-4a4f-8184-b55cdd5d4d34"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.