CVE-2021-24366

MEDIUM Year: 2021
CVSS v3 Score
5.4
Medium
CVSS v2 Score
3.5
Low
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Related Vulnerabilities

CVE-2013-0375

MEDIUM
CVSS:5.4(Medium)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vect...

NVD-CWE-Other2013

CVE-2016-0245

MEDIUM
CVSS:5.4(Medium)

The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external en...

NVD-CWE-Other2016

CVE-2016-0408

MEDIUM
CVSS:5.4(Medium)

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity v...

NVD-CWE-Other2016

CVE-2016-0468

MEDIUM
CVSS:5.4(Medium)

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affec...

NVD-CWE-Other2016

CVE-2016-0673

MEDIUM
CVSS:5.4(Medium)

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to UIF...

NVD-CWE-Other2016