Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-24346
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Stock in & out WordPress 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 Stock in & out WordPress 中存在跨站脚本漏洞,该漏洞源于在echo语句中使用srch POST参数之前,不会对其进行验证、清理或转义,从而导致反射XSS问题,攻击者可通过该漏洞引起代码执行。以下产品及型号受到影响:Stock in & out WordPress 1.0.4。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
UnknownStock in & out 1.0.4 ~ 1.0.4 -
II. Public POCs for CVE-2021-24346
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-24346
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Stock in & out
Same vendor: Unknown
Same weakness: CWE-79
V. Comments for CVE-2021-24346

No comments yet

Leave a comment