CVE-2021-25088

The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:google_xml_sitemaps_project:google_xml_sitemaps:*:*:*:*:*:wordpress:*:*

History

30 Jun 2022, 14:24

Type Values Removed Values Added
First Time Google Xml Sitemaps Project
Google Xml Sitemaps Project google Xml Sitemaps
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 4.8
References (MISC) https://wpscan.com/vulnerability/820c51d6-186e-4d63-b4a7-bd0a59c02cc8 - (MISC) https://wpscan.com/vulnerability/820c51d6-186e-4d63-b4a7-bd0a59c02cc8 - Exploit, Third Party Advisory
CPE cpe:2.3:a:google_xml_sitemaps_project:google_xml_sitemaps:*:*:*:*:*:wordpress:*:*

20 Jun 2022, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-20 11:15

Updated : 2022-06-30 14:24


NVD link : CVE-2021-25088

Mitre link : CVE-2021-25088


JSON object : View

Products Affected

google_xml_sitemaps_project

  • google_xml_sitemaps
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')