Pular para o conteúdo
Ver todas as ameaças

CVE-2021-24201

Alvo: Não informado

Descrição

In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed.

Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-24201
Tags
Nâo informado
Data de publicação
05/04/2021
Última atualização
08/11/2023
Pontuação em CVSS 3.0
5.4
Médio
plugins premium WordPress