Lucene search
WPScanCVELIST:CVE-2021-24323HistoryMay 17, 2021 - 4:48 p.m.
CVE-2021-24323 Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
2021-05-1716:48:53
CWE-79
WPScan
www.cve.org
3
woocommerce
authenticated
xss
vulnerability
EPSS
0.001
Percentile
24.8%
When taxes are enabled, the “Additional tax classes” field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled
CNA Affected
[
{
"product": "WooCommerce",
"vendor": "Automattic",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "5.2.0",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
2021-04-21 00:00:00
osv
osv
Woocommerce Cross-site Scripting via Additional tax classes field when taxes are enabled
2022-05-24 19:02:37
CVE-2021-24323
2021-05-17 17:15:08
prion
prion
Cross site scripting
2021-05-17 17:15:00
wpexploit
wpexploit
Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
2021-04-21 00:00:00
cve
cve
CVE-2021-24323
2021-05-17 17:15:08
nvd
nvd
CVE-2021-24323
2021-05-17 17:15:08
github
github