CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24973 – Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24973
The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin El plugin Site Reviews de WordPress versiones anteriores a 5.17.3, no sanea ni escapa el parámetro site-reviews de la acción AJAX glsr_action (disponible para usuarios no autenticados y para cualquier usuario autenticado), permitiéndoles llevar a cabo ataques de tipo Cross-Site Scripting contra administradores registrados que visualicen el panel de herramientas del plugin • https://plugins.trac.wordpress.org/changeset/2629821 https://wpscan.com/vulnerability/0118f245-0e6f-44c1-9bdb-5b3a5d2403d6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24603 – Site Reviews < 5.13.1 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24603
The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed El plugin de WordPress Site Reviews versiones anteriores a 5.13.1, no sanea algunos de los Detalles de las Reseñas cuando se añade una reseña como administrador, que podría permitir llevar a cabo ataques de tipo Cross-Site Scripting cuando unfiltered_html no está permitida. • https://wpscan.com/vulnerability/72aea0e5-1fa7-4827-a173-59982202d323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0603 – Site Reviews <= 2.15.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-0603
Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de tipo Cross-Site Scripting (XSS) en Site Reviews en versiones anteriores a la 2.15.3 permite que los atacantes inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN60978548/index.html https://wordpress.org/plugins/site-reviews/#developers https://wpvulndb.com/vulnerabilities/9102 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •