CVE-2021-24323

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-24323

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24323.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-24323

Aliases

GHSA-mp46-7x6q-f28m

Published

2021-05-17T17:15:08Z

Modified

2024-09-02T22:12:04Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled

References

https://wpscan.com/vulnerability/6d262555-7ae4-4e36-add6-4baa34dc3010

Affected packages

Git / github.com/woocommerce/woocommerce

Affected ranges

Type: GIT
Repo: https://github.com/woocommerce/woocommerce
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

90def7c366a63a2d7c522a34cf7992939eedd145