Vulnerability CVE-2021-24489: Information
Description
The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.
Severity: MEDIUM (4.8) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
firmware-intel-ucode | sisyphus | 16-alt1.20210608 | 23-alt1.20231114 | ALT-PU-2021-1996-1 | 274527 | Fixed |
firmware-intel-ucode | p10 | 16-alt1.20210608 | 23-alt1.20231114 | ALT-PU-2021-1996-1 | 274527 | Fixed |
firmware-intel-ucode | p9 | 16-alt1.20210608 | 23-alt1.20231114 | ALT-PU-2021-3199-1 | 288217 | Fixed |
firmware-intel-ucode | c10f1 | 16-alt1.20210608 | 23-alt1.20231114 | ALT-PU-2021-1996-1 | 274527 | Fixed |
firmware-intel-ucode | c9f2 | 23-alt1.20231114 | 23-alt1.20231114 | ALT-PU-2023-8026-3 | 334548 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://wpscan.com/vulnerability/36e8efe8-b29f-4c9e-9dd5-3e317aa43e0c |
|