CVE-2021-24495

MEDIUM NUCLEI

Marmoset Viewer < 1.9.3 - XSS

Title source: rule

Description

The Marmoset Viewer WordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue.

Nuclei Templates (1)

Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting
MEDIUMby johnjhacking

References (2)

Scores

CVSS v3 6.1
EPSS 0.3221
EPSS Percentile 96.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
marmoset/marmoset_viewer < 1.9.3
Published Aug 09, 2021
Tracked Since Feb 18, 2026