Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-24388
PUBLISHED
More InfoOfficial Page
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
View Known Exploited Vulnerability (KEV) details
Published At-06 Jul, 2021 | 11:03
Updated At-03 Aug, 2024 | 19:28
Rejected At-
▼CVE Numbering Authority (CNA)
Vik Rent Car < 1.1.7 - CSRF to Stored XSS

In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom filed option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cross-Site Scripting issue. There is also no CSRF check done before saving the setting, allowing attackers to make a logged in admin set arbitrary Custom Fields, including one with XSS payload in it.

Affected Products
Vendor
E4J s.r.l.
Product
VikRentCar Car Rental Management System
Versions
Affected
  • From 1.1.7 before 1.1.7 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Cross-site Scripting (XSS)
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Satyender Yadav
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/e3f6576f-08cb-4278-8c79-3ef4d0b85cd9
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/e3f6576f-08cb-4278-8c79-3ef4d0b85cd9
x_refsource_CONFIRM
x_transferred
Details not found