Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for DrawBlog by Unknown
CVE-2021-24479 (GCVE-0-2021-24479)
Vulnerability from cvelistv5 – Published: 2021-08-02 10:32 – Updated: 2024-08-03 19:35
VLAI
Title
DrawBlog <= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5fd2246a-fbd9-4f… | x_refsource_MISC |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:19.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DrawBlog",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "0.90",
"status": "affected",
"version": "0.90",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ABISHEIK M"
}
],
"descriptions": [
{
"lang": "en",
"value": "The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:32:19.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DrawBlog \u003c= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24479",
"STATE": "PUBLIC",
"TITLE": "DrawBlog \u003c= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DrawBlog",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0.90",
"version_value": "0.90"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ABISHEIK M"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24479",
"datePublished": "2021-08-02T10:32:19.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:19.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24479 (GCVE-0-2021-24479)
Vulnerability from nvd – Published: 2021-08-02 10:32 – Updated: 2024-08-03 19:35
VLAI
Title
DrawBlog <= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5fd2246a-fbd9-4f… | x_refsource_MISC |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:19.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DrawBlog",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "0.90",
"status": "affected",
"version": "0.90",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ABISHEIK M"
}
],
"descriptions": [
{
"lang": "en",
"value": "The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:32:19.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DrawBlog \u003c= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24479",
"STATE": "PUBLIC",
"TITLE": "DrawBlog \u003c= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DrawBlog",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0.90",
"version_value": "0.90"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ABISHEIK M"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5fd2246a-fbd9-4f2a-8b0b-a64c3f91157c"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24479",
"datePublished": "2021-08-02T10:32:19.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:19.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}