Ver todas as ameaças

CVE-2021-24964

Alvo: Não informado

Descrição

The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users.

Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-24964
Tags
Nâo informado
Data de publicação
03/01/2022
Última atualização
01/12/2024
Pontuação em CVSS 3.0
6.1
Médio
Rolar para cima