The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Metrics
Affected Vendors & Products
References
History
Wed, 16 Oct 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Brevo
Brevo newsletter\, Smtp\, Email Marketing And Subscribe |
|
CPEs | cpe:2.3:a:brevo:newsletter\,_smtp\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Sendinblue
Sendinblue newsletter\, Smtp\, Email Marketing And Subscribe |
Brevo
Brevo newsletter\, Smtp\, Email Marketing And Subscribe |
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-02-14T09:20:36
Updated: 2024-08-03T19:49:14.383Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24874
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-14T12:15:14.573
Modified: 2024-11-21T05:53:55.900
Link: CVE-2021-24874
Redhat
No data.