CVE-2021-3124

MEDIUM

Newtarget Custom Global Variables - XSS

Title source: rule

Description

Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Swapnil Subhash Bodekar · textwebappsphp

https://www.exploit-db.com/exploits/49406

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49406

[Third Party Advisory] https://db.threatpress.com/vulnerability/custom-global-variables/wordpress-custom-global-variables-plugin-1-0-5-stored-cross-site-scripting-xss-vulnerability

Scores

CVSS v3 5.4

EPSS 0.0020

EPSS Percentile 42.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

newtarget/custom_global_variables 1.0.5

Published Feb 25, 2021

Tracked Since Feb 18, 2026