CVE-2021-24740

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-24740
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24740.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-24740
Published
2021-10-18T14:15:09Z
Modified
2024-09-03T03:44:27.870968Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

References

Affected packages

Git / github.com/themeum/tutor

Affected ranges

Type
GIT
Repo
https://github.com/themeum/tutor
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.4.6
1.6.7
1.6.9

v.*

v.1.6.5

v1.*

v1.0.0
v1.0.0-alpha
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.11
v1.2.12
v1.2.13
v1.2.20
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.6.1
v1.6.2
v1.6.6
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.8
v1.7.9
v1.8.0
v1.8.1
v1.8.10
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9
v1.9.0
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8