CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-24299 | CWE-79 | Medium |

Author | Risk | Exploitation Type | Date |
---|---|---|---|
Exploit Alert | Medium | Remote | 2021-05-25 |

CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | 0.02192 | 0.50148 |

# Exploit Title: WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)
# Date: 2021-05-10
# Exploit Author: Bastijn Ouwendijk
# Vendor Homepage: https://reservationdiary.eu/
# Software Link: https://wordpress.org/plugins/redi-restaurant-reservation/
# Version: 21.0307 and earlier
# Tested on: Windows 10
# CVE : CVE-2021-24299
# Proof: https://bastijnouwendijk.com/cve-2021-24299/

Steps to exploit this vulnerability:

1. Go to the page where [redirestaurant] is embedded and make a restaurant reservation by filling in the requested information
2. In the 'Comment' field of the restaurant reservation form put the payload: `<script>alert("XSS")</script>`
3. Submit the form
4. While logged into WordPress as administrator, go to ReDi Reservations > Upcoming (Tablet PC)
5. Click on 'View upcoming reservations'
6. For 'Show reservations for', select 'This week'
7. The reservations are loaded and two alerts are shown with text 'XSS'
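The steps above work because a stored 'Comment' value reaches the administrator's reservation view without output escaping. The sketch below is an added example, not the plugin's code or the exploit author's: the function names, row layout and table markup are hypothetical, and it uses core PHP so it runs outside WordPress (inside WordPress, `esc_html()` and `sanitize_textarea_field()` fill the same roles).

```php
<?php
// Added example with hypothetical names; not taken from the plugin.

// Constructed sample rows, as reservation comments might sit in storage.
$reservations = [
    ['id' => 1, 'comment' => 'Window table if possible'],
    ['id' => 2, 'comment' => '<script>alert("XSS")</script>'],
];

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// so any tags in it become part of the admin page.
function render_comment_unsafe(array $row): string
{
    return '<td class="comment">' . $row['comment'] . '</td>';
}

// Hardened pattern: escape at output time for an HTML text context.
function render_comment_safe(array $row): string
{
    $text = htmlspecialchars($row['comment'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td class="comment">' . $text . '</td>';
}

// Defence in depth at input: a free-text comment needs no markup,
// so strip tags before the value is stored.
function clean_comment_for_storage(string $raw): string
{
    return trim(strip_tags($raw));
}

// Audit helper: list rows whose stored comment already contains markup,
// for reviewing data saved before output escaping was in place.
function find_comments_with_markup(array $rows): array
{
    return array_values(array_filter(
        $rows,
        fn(array $r): bool => $r['comment'] !== strip_tags($r['comment'])
    ));
}

foreach ($reservations as $row) {
    echo 'unsafe: ', render_comment_unsafe($row), PHP_EOL;
    echo 'safe:   ', render_comment_safe($row), PHP_EOL;
    echo 'stored: ', clean_comment_for_storage($row['comment']), PHP_EOL;
}
echo 'rows to review: ',
    implode(', ', array_column(find_comments_with_markup($reservations), 'id')), PHP_EOL;
```

Escaping at output is the control that closes the issue; input stripping and the audit pass only reduce what reaches that point.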
Copyright ©2024 Exploitalert.