CVE-2021-24980

CVE-2021-24980: Gwolle Guestbook < 4.2.0 - Reflected Cross-Site Scripting

Vendor Unknown
Product Gwolle Guestbook
Weakness CWE-79 · XSS
Published December 27, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin page

Key dates

02Disclosure timeline

December 27, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE