Vulnerabilities > CVE-2021-38356 - Unspecified vulnerability in Nextscripts Social Networks Auto Poster

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
nextscripts
NVD
Published: 2021-11-01
Updated: 2024-11-21

Summary

The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].

Vulnerable Configurations

Part Description Count
Application
Nextscripts
261

References