CVE-2021-24298

CVE-2021-24298: Simple Giveaways < 2.36.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Vendor Igor Benic
Product Simple Giveaways – Grow your business, email lists and traffic with contests
Weakness CWE-79 · XSS
Published May 24, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS

Key dates

02Disclosure timeline

May 24, 2021 CVE published
August 3, 2024 Record updated