CVE-2021-24455

Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS)

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.9.2 did not escape the Summary field of Announcements (when outputting it in an attribute), which can be created by users as low as Tutor Instructor. This lead to a Stored Cross-Site Scripting issue, which is triggered when viewing the Announcements list, and could result in privilege escalation when viewed by an admin.

El plugin de WordPress Tutor LMS - eLearning and online course solution versiones anteriores a 1.9.2, no escapaba el campo Summary of Announcements (cuando lo mostraba en un atributo), que puede ser creado por usuarios tan bajos como Tutor Instructor. Esto conllevaba a un problema de tipo Cross-Site Scripting Almacenado, que se desencadena cuando se visualiza la lista de Anuncios, y podía resultar en una escalada de privilegios cuando era visualizada por un administrador

*Credits: Phu Tran from techlabcorp.com

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-14 CVE Reserved
2021-06-28 CVE Published
2023-03-08 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://wpscan.com/vulnerability/9ef14cf1-1e04-4125-a296-9aa5388612f9	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Themeum Search vendor "Themeum"		Tutor Lms Search vendor "Themeum" for product "Tutor Lms"				< 1.9.2 Search vendor "Themeum" for product "Tutor Lms" and version " < 1.9.2"		wordpress		Affected