Vulnerabilities related to Unknown - Connections Business Directory
CVE-2021-24794 (GCVE-0-2021-24794)
Vulnerability from cvelistv5
Published
2021-11-01 08:46
Modified
2024-08-03 19:42
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
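The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high-privilege users to perform stored Cross-Site Scripting even when the unfiltered_html capability is disallowed. The issue matters in exactly that configuration: unfiltered_html is the capability that normally permits a user to post raw HTML, so unescaped Address settings let an admin-level account get around its removal.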
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/651dc567-943e-4f57-8ec4-6eee466785f5 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Connections Business Directory | Affected: versions before 10.4.3 (the record encodes this as version 10.4.3, lessThan 10.4.3) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:42:17.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wpscan.com/vulnerability/651dc567-943e-4f57-8ec4-6eee466785f5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Connections Business Directory", "vendor": "Unknown", "versions": [ { "lessThan": "10.4.3", "status": "affected", "version": "10.4.3", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Huy Nguyen" } ], "descriptions": [ { "lang": "en", "value": "The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-01T08:46:26", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://wpscan.com/vulnerability/651dc567-943e-4f57-8ec4-6eee466785f5" } ], "source": { "discovery": "EXTERNAL" }, "title": "Connections Business Directory \u003c 10.4.3 - Admin+ Stored Cross-Site Scripting", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24794", "STATE": "PUBLIC", "TITLE": "Connections Business Directory \u003c 10.4.3 - Admin+ Stored Cross-Site Scripting" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Connections Business Directory", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "10.4.3", "version_value": "10.4.3" } ] } } ] }, "vendor_name": "Unknown" } ] 
} }, "credit": [ { "lang": "eng", "value": "Huy Nguyen" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed." } ] }, "generator": "WPScan CVE Generator", "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://wpscan.com/vulnerability/651dc567-943e-4f57-8ec4-6eee466785f5", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/651dc567-943e-4f57-8ec4-6eee466785f5" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24794", "datePublished": "2021-11-01T08:46:26", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:42:17.200Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-36503 (GCVE-0-2020-36503)
Vulnerability from cvelistv5
Published
2021-11-01 08:45
Modified
2024-08-04 17:30
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Summary
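The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some of the connections' fields, which could lead to a CSV injection issue: formula elements in those fields are not neutralized when the data ends up in a CSV file (CWE-1236).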
References
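| URL | Tags |
|---|---|
| https://github.com/Connections-Business-Directory/Connections/issues/474 | x_refsource_MISC |
| https://wpscan.com/vulnerability/dd394b55-c86f-4fa2-aae8-5903ca0b95ec | x_refsource_MISC |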
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Connections Business Directory | Affected: versions before 9.7 (the record encodes this as version 9.7, lessThan 9.7) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:30:08.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Connections-Business-Directory/Connections/issues/474" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wpscan.com/vulnerability/dd394b55-c86f-4fa2-aae8-5903ca0b95ec" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Connections Business Directory", "vendor": "Unknown", "versions": [ { "lessThan": "9.7", "status": "affected", "version": "9.7", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Rudra Sarkar" } ], "descriptions": [ { "lang": "en", "value": "The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections\u0027 fields, which could lead to a CSV injection issue" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1236", "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-01T08:45:53", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Connections-Business-Directory/Connections/issues/474" }, { "tags": [ "x_refsource_MISC" ], "url": "https://wpscan.com/vulnerability/dd394b55-c86f-4fa2-aae8-5903ca0b95ec" } ], "source": { "discovery": "EXTERNAL" }, "title": "Connections Business Directory \u003c 9.7 - Admin+ CSV Injection", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "contact@wpscan.com", "ID": "CVE-2020-36503", "STATE": "PUBLIC", "TITLE": "Connections Business Directory \u003c 9.7 - Admin+ CSV Injection" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Connections Business 
Directory", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "9.7", "version_value": "9.7" } ] } } ] }, "vendor_name": "Unknown" } ] } }, "credit": [ { "lang": "eng", "value": "Rudra Sarkar" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections\u0027 fields, which could lead to a CSV injection issue" } ] }, "generator": "WPScan CVE Generator", "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Connections-Business-Directory/Connections/issues/474", "refsource": "MISC", "url": "https://github.com/Connections-Business-Directory/Connections/issues/474" }, { "name": "https://wpscan.com/vulnerability/dd394b55-c86f-4fa2-aae8-5903ca0b95ec", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/dd394b55-c86f-4fa2-aae8-5903ca0b95ec" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2020-36503", "datePublished": "2021-11-01T08:45:53", "dateReserved": "2021-10-25T00:00:00", "dateUpdated": "2024-08-04T17:30:08.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }