Vulnerability Details : CVE-2021-30134
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2021-30134
- cpe:2.3:a:qiwi:woo-qiwi-payment-gateway:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:php_curl_class_project:php_curl_class:*:*:*:*:*:*:*:*
- Ht Slider Range For Amazon Affiliates Project » Ht Slider Range For Amazon Affiliates » For Wordpress, versions before (<) 1.1.6: cpe:2.3:a:ht_slider_range_for_amazon_affiliates_project:ht_slider_range_for_amazon_affiliates:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:teamleade:teamleader_crm_forms:*:*:*:*:*:wordpress:*:*
- Ptwooplugins » Invoicing With Invoicexpress For Woocommerce » For Wordpress, versions before (<) 3.0.3: cpe:2.3:a:ptwooplugins:invoicing_with_invoicexpress_for_woocommerce:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:shopello_api_project:shopello_api:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-30134
0.09%: Probability of exploitation activity in the next 30 days
~38%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-30134
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2021-30134
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-30134
- https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 (Exploit; Third Party Advisory)