CVE-2021-24902

CVE-2021-24902: Typebot < 1.4.3 - Admin+ Stored Cross Site Scripting

Vendor Unknown
Product Typebot | Build beautiful conversational forms
Weakness CWE-79 · XSS
Published December 27, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Typebot | Build beautiful conversational forms WordPress plugin before 1.4.3 does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

December 27, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE