CVE-2021-24519

CVE-2021-24519: Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)

Vendor Unknown
Product VikRentCar Car Rental Management System
Weakness CWE-79 · XSS
Published August 16, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue

Key dates

02Disclosure timeline

August 16, 2021 CVE published
August 3, 2024 Record updated