The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
History

Wed, 16 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Brevo
Brevo newsletter\, Smtp\, Email Marketing And Subscribe
CPEs cpe:2.3:a:sendinblue:newsletter\,_smtp\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:* cpe:2.3:a:brevo:newsletter\,_smtp\,_email_marketing_and_subscribe:*:*:*:*:*:wordpress:*:*
Vendors & Products Sendinblue
Sendinblue newsletter\, Smtp\, Email Marketing And Subscribe
Brevo
Brevo newsletter\, Smtp\, Email Marketing And Subscribe

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-01-24T08:00:55

Updated: 2024-08-03T19:49:13.481Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24923

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-24T08:15:08.803

Modified: 2024-11-21T05:54:01.217

Link: CVE-2021-24923

cve-icon Redhat

No data.