CVE-2021-24963

CVE-2021-24963: LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting

Vendor Unknown
Product LiteSpeed Cache
Weakness CWE-79 · XSS
Published January 3, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

January 3, 2022 CVE published
August 3, 2024 Record updated