CVE-2021-24438 in ShareThis Dashboard for Google Analytics Pluginالمعلومات

الملخص

بحسب MITRE • 30/08/2021

The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

حجز

14/01/2021

إفشاء

30/08/2021

الاعتدال

تمت الموافقة

إدخال

VDB-181637

EPSS

0.00827

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Do you know our Splunk app?

Download it now for free!