CVE-2021-24429

The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the "Calendar" page and the malicious script is executed in the admin context.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://wpscan.com/vulnerability/e922b788-7da5-43b4-9b05-839c8610252a	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:salonbookingsystem:salon_booking_system:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-07-12 20:15

Updated : 2021-07-15 15:20

NVD link : CVE-2021-24429

Mitre link : CVE-2021-24429

CVE.ORG link : CVE-2021-24429

JSON object : View

Products Affected

salonbookingsystem

salon_booking_system

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2021-24429", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-07-12T20:15:09.410", "references": [{"url": "https://wpscan.com/vulnerability/e922b788-7da5-43b4-9b05-839c8610252a", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the \"Calendar\" page and the malicious script is executed in the admin context."}, {"lang": "es", "value": "El plugin de WordPress Salon booking system versiones anteriores a 6.3.1, no sanea ni escapa apropiadamente del campo First Name cuando se reserva una cita, permitiendo a usuarios pocos privilegiados, como los suscriptores, introducir JavaScript en ellos, conllevando a una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado. La carga \u00fatil ser\u00e1 desencadenada entonces cuando un administrador visite la p\u00e1gina \"Calendar\" y el script malicioso sea ejecutado en el contexto del administrador"}], "lastModified": "2021-07-15T15:20:34.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:salonbookingsystem:salon_booking_system:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "DB7E43D9-5428-4BD6-AD92-C5DACACD8DD5", "versionEndExcluding": "6.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}