Home / Early Warning / Vulnerabilidades / CVE-2021-39354

CVE-2021-39354

Type: 
Cross-Site Scripting (XSS)
Severity: 
Low
Publication date: 
10/21/2021
Last modified: 
10/27/2021
Description
The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $start_date and $end_date parameters found in the ~/includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2.
Impact
Access Vector: Through network
Access Complexity: Media
Authentication: Requires a single instance to exploit
Impact Type: Partially affects on system integrity + No impact on system confidentiality + No impact on system availability
Vulnerable software and versions
  • cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:*
To consult the complete list of products and versions see this page
Explanation of fields