Vulnerabilities > CVE-2021-38357 - Unspecified vulnerability in Elyazalee Sms-Ovh 0.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |