CVE-2024-6020 - Vulnerability Details - OpenCVE

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Fetchdesigns	Sign-up Sheets

Configuration 1 [-]

cpe:2.3:a:fetchdesigns:sign-up_sheets:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/f3526320-3abd-4ddb-8f73-778741bd9c48/

History

Mon, 07 Oct 2024 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-79
CPEs		cpe:2.3:a:fetchdesigns:sign-up_sheets::::::wordpress::*

Wed, 04 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fetchdesigns Fetchdesigns sign-up Sheets
CPEs		cpe:2.3:a:fetchdesigns:sign-up_sheets::::::::
Vendors & Products		Fetchdesigns Fetchdesigns sign-up Sheets
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Sep 2024 06:15:00 +0000

Type	Values Removed	Values Added
Description		The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.
Title		Sign-up Sheets < 2.2.13 - Reflected XSS
References		https://wpscan.com/vulnerability/f3526320-3abd-4ddb-8f73-778741bd9c48/

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-09-04T06:00:02.532Z

Updated: 2024-09-04T14:23:36.656Z

Reserved: 2024-06-14T18:51:47.499Z

Link: CVE-2024-6020

Vulnrichment

Updated: 2024-09-04T14:23:06.264Z

NVD

Status : Analyzed

Published: 2024-09-04T06:15:17.260

Modified: 2024-10-07T15:42:21.017

Link: CVE-2024-6020

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6020", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-06-14T18:51:47.499Z", "datePublished": "2024-09-04T06:00:02.532Z", "dateUpdated": "2024-09-04T14:23:36.656Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-09-04T06:00:02.532Z"}, "title": "Sign-up Sheets < 2.2.13 - Reflected XSS", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Sign-up Sheets", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "2.2.13"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting."}], "references": [{"url": "https://wpscan.com/vulnerability/f3526320-3abd-4ddb-8f73-778741bd9c48/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Bob Matyas", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"affected": [{"vendor": "fetchdesigns", "product": "sign-up_sheets", "cpes": ["cpe:2.3:a:fetchdesigns:sign-up_sheets:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.2.13", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T14:20:07.793359Z", "id": "CVE-2024-6020", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T14:23:36.656Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-6020", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T14:20:07.793359Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fetchdesigns:sign-up_sheets:*:*:*:*:*:*:*:*"], "vendor": "fetchdesigns", "product": "sign-up_sheets", "versions": [{"status": "affected", "version": "0", "lessThan": "2.2.13", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T14:23:06.264Z"}}], "cna": {"title": "Sign-up Sheets < 2.2.13 - Reflected XSS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Bob Matyas"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Sign-up Sheets", "versions": [{"status": "affected", "version": "0", "lessThan": "2.2.13", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/f3526320-3abd-4ddb-8f73-778741bd9c48/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-79 Cross-Site Scripting (XSS)"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-09-04T06:00:02.532Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6020", "state": "PUBLISHED", "dateUpdated": "2024-09-04T14:23:36.656Z", "dateReserved": "2024-06-14T18:51:47.499Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-09-04T06:00:02.532Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fetchdesigns:sign-up_sheets:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AFD61F27-3D5F-4D3A-8E05-6C678AFB11DC", "versionEndExcluding": "2.2.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting."}, {"lang": "es", "value": "El complemento Sign-up Sheets de WordPress anterior a la versi\u00f3n 2.2.13 no escapa a algunas URL generadas, as\u00ed como tampoco al par\u00e1metro $_SERVER['REQUEST_URI'] antes de mostrarlas nuevamente en atributos, lo que podr\u00eda generar un error de cross-site scripting reflejado."}], "id": "CVE-2024-6020", "lastModified": "2024-10-07T15:42:21.017", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-04T06:15:17.260", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/f3526320-3abd-4ddb-8f73-778741bd9c48/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}