Vulnerabilities > CVE-2021-24534 - Unspecified vulnerability in Phonetrack MEU Site Manager 0.1

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

phonetrack

NVD

Published: 2021-08-16

Updated: 2024-11-21

Summary

The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not sanitise or escape its "php_id" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue.

Vulnerable Configurations

Part	Description	Count
Application	Phonetrack Phonetrack Phonetrack MEU Site Manager - Phonetrack Phonetrack MEU Site Manager 0.1	2

References

https://wpscan.com/vulnerability/b968b9a1-67f3-4bef-a3d3-6e8942bb6570
https://wpscan.com/vulnerability/b968b9a1-67f3-4bef-a3d3-6e8942bb6570