Lucene search

[email protected]CVE-2021-24388

HistoryJul 06, 2021 - 11:15 a.m.

CVE-2021-24388

2021-07-0611:15:08

CWE-352

CWE-79

[email protected]

web.nvd.nist.gov

vikrentcar

wordpress plugin

cve-2021-24388

cross-site scripting

stored xss

csrf

security vulnerability

information security

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.4%

JSON

In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom filed option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cross-Site Scripting issue. There is also no CSRF check done before saving the setting, allowing attackers to make a logged in admin set arbitrary Custom Fields, including one with XSS payload in it.

Affected configurations

Vulners

NVD

Node

e4j_s.r.l.vikrentcar_car_rental_management_systemRange<1.1.7

CPENameOperatorVersion
e4j:vikrentcar_car_rental_management_systeme4j vikrentcar car rental management systemlt1.1.7

CPE	Name	Operator	Version
e4j:vikrentcar_car_rental_management_system	e4j vikrentcar car rental management system	lt	1.1.7

CNA Affected

[
  {
    "product": "VikRentCar Car Rental Management System",
    "vendor": "E4J s.r.l.",
    "versions": [
      {
        "lessThan": "1.1.7",
        "status": "affected",
        "version": "1.1.7",
        "versionType": "custom"
      }
    ]
  }
]