Lucene search
WpvulndbWPVDB-ID:72B80BA4-9D9D-4E8C-A2C1-6D699FF976B1HistoryOct 14, 2021 - 12:00 a.m.
HAL < 2.2 - Admin+ Stored Cross-Site Scripting
2021-10-1400:00:00
wpscan.com
8
0.001 Low
EPSS
Percentile
26.4%
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
Related
prion
prion
Cross site scripting
2021-10-15 13:15:00
cve
cve
CVE-2021-39345
2021-10-15 13:15:08
patchstack
patchstack
nvd
nvd
CVE-2021-39345
2021-10-15 13:15:08
cvelist
cvelist
CVE-2021-39345 HAL <= 2.1.1 Authenticated Stored Cross-Site Scripting
2021-10-14 00:00:00