How severe is CVE-2021-24821?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2021-24821?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2021-24821

MEDIUM Year: 2021

CVSS v3 Score

5.4

Medium

CVSS v2 Score

3.5

Low

Weakness Type

CWE-79

View all →

Vulnerability Description

The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds the calculator using the shortcode), as well as the Text Preview field of a Project (injected on the edit project page)

CVE-2006-10001

MEDIUM

CVSS:5.4(Medium)

A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipu...

CWE-792006

CVE-2007-1679

MEDIUM

CVSS:5.4(Medium)

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php...

CWE-792007

CVE-2010-10008

MEDIUM

CVSS:5.4(Medium)

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an un...

CWE-792010

CVE-2010-3659

MEDIUM

CVSS:5.4(Medium)

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject...

CWE-792010