CVE-2021-24299 - Vulnerability Details - OpenCVE

The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to make a restaurant reservation field called 'Comment' does not use proper input validation and can be used to store XSS payloads. The XSS payloads will be executed when the plugin user goes to the 'Upcoming' page, which is an external website https://upcoming.reservationdiary.eu/ loaded in an iframe, and the stored reservation with XSS payload is loaded.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Catzsoft	Redi Restaurant Reservation

Configuration 1 [-]

cpe:2.3:a:catzsoft:redi_restaurant_reservation:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/162756/WordPress-ReDi-Restaurant-Reservation-21.0307-Cross-Site-Scripting.html
https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-05-17T16:48:53

Updated: 2024-08-03T19:28:23.396Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24299

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-17T17:15:08.280

Modified: 2024-11-21T05:52:47.557

Link: CVE-2021-24299

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ReDi Restaurant Reservation", "vendor": "Reservation Diary", "versions": [{"lessThan": "21.0426", "status": "affected", "version": "21.0426", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Bastijn Ouwendijk"}], "descriptions": [{"lang": "en", "value": "The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to make a restaurant reservation field called 'Comment' does not use proper input validation and can be used to store XSS payloads. The XSS payloads will be executed when the plugin user goes to the 'Upcoming' page, which is an external website https://upcoming.reservationdiary.eu/ loaded in an iframe, and the stored reservation with XSS payload is loaded."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-24T15:06:14", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/162756/WordPress-ReDi-Restaurant-Reservation-21.0307-Cross-Site-Scripting.html"}], "source": {"discovery": "UNKNOWN"}, "title": "ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24299", "STATE": "PUBLIC", "TITLE": "ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ReDi Restaurant Reservation", "version": {"version_data": [{"version_affected": "<", "version_name": "21.0426", "version_value": "21.0426"}]}}]}, "vendor_name": "Reservation Diary"}]}}, "credit": [{"lang": "eng", "value": "Bastijn Ouwendijk"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to make a restaurant reservation field called 'Comment' does not use proper input validation and can be used to store XSS payloads. The XSS payloads will be executed when the plugin user goes to the 'Upcoming' page, which is an external website https://upcoming.reservationdiary.eu/ loaded in an iframe, and the stored reservation with XSS payload is loaded."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670"}, {"name": "http://packetstormsecurity.com/files/162756/WordPress-ReDi-Restaurant-Reservation-21.0307-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162756/WordPress-ReDi-Restaurant-Reservation-21.0307-Cross-Site-Scripting.html"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:28:23.396Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/162756/WordPress-ReDi-Restaurant-Reservation-21.0307-Cross-Site-Scripting.html"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24299", "datePublished": "2021-05-17T16:48:53", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:28:23.396Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:catzsoft:redi_restaurant_reservation:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "62B3EC69-C111-4135-82CE-2944F7518341", "versionEndExcluding": "21.0426", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to make a restaurant reservation field called 'Comment' does not use proper input validation and can be used to store XSS payloads. The XSS payloads will be executed when the plugin user goes to the 'Upcoming' page, which is an external website https://upcoming.reservationdiary.eu/ loaded in an iframe, and the stored reservation with XSS payload is loaded."}, {"lang": "es", "value": "El plugin de WordPress para ReDi Restaurant Reservation versiones anteriores al 21.0426, proporciona la funcionalidad para permitir a usuarios hacer reservas en restaurantes. Estas reservas son almacenadas y pueden ser enumeradas en una p\u00e1gina de \"Upcoming\" proporcionada por el plugin. Un usuario no autenticado puede completar el formulario para hacer una reserva en un restaurante. El formulario para hacer un campo de reserva de restaurante llamado \"Comment\" no usa la comprobaci\u00f3n de entrada apropiada y puede ser usada para almacenar cargas \u00fatiles XSS. Las cargas \u00fatiles XSS ser\u00e1n ejecutadas cuando el usuario del plugin vaya a la p\u00e1gina \"Upcoming\", que es un sitio web externo https://upcoming.reservationdiary.eu/ cargado en un iframe, y es cargado la reserva almacenada con la carga \u00fatil XSS"}], "id": "CVE-2021-24299", "lastModified": "2024-11-21T05:52:47.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-17T17:15:08.280", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/162756/WordPress-ReDi-Restaurant-Reservation-21.0307-Cross-Site-Scripting.html"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/162756/WordPress-ReDi-Restaurant-Reservation-21.0307-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/fd6ce00b-8c5f-4180-b648-f47b37303670"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}