CVE-2021-24495

CVE-2021-24495: Marmoset Viewer < 1.9.3 - Reflected Cross Site Scripting

Vendor Unknown
Product Marmoset Viewer
Weakness CWE-79 · XSS
Published August 9, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue.

Key dates

02Disclosure timeline

August 9, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-25596 InvoicePlane has Stored XSS via Product Unit Name in Invoice Item List CVE-2024-13340 MDTF – Meta Data and Taxonomies Filter <= 1.3.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-23586 WordPress WP Post Category Notifications plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-21648 Sandbox bypass in Latte templates CVE-2023-48467 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)