Vulnerabilities > CVE-2021-24597 - Unspecified vulnerability in You-Shang Project You-Shang

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

you-shang-project

NVD

Published: 2021-09-20

Updated: 2024-11-21

Summary

The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload used

Vulnerable Configurations

Part	Description	Count
Application	You-Shang_Project YOU Shang Project YOU Shang *	1

References

https://wpscan.com/vulnerability/37554d0e-68e2-4df9-8c59-65f5cd7f184e
https://wpscan.com/vulnerability/37554d0e-68e2-4df9-8c59-65f5cd7f184e