The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
Metrics
Affected Vendors & Products
References
History
Wed, 16 Oct 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Brevo
Brevo newsletter\, Smtp\, Email Marketing And Subscribe |
|
CPEs | cpe:2.3:a:brevo:newsletter\,_smtp\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Sendinblue
Sendinblue newsletter\, Smtp\, Email Marketing And Subscribe |
Brevo
Brevo newsletter\, Smtp\, Email Marketing And Subscribe |
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-01-24T08:00:55
Updated: 2024-08-03T19:49:13.481Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24923
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-01-24T08:15:08.803
Modified: 2024-11-21T05:54:01.217
Link: CVE-2021-24923
Redhat
No data.